
INTRODUCTION TO IP NETWORKS

Alcatel University - 8AS 90145 0007 VT ZZA Ed.02 - June 2000

TCP/IP

Page 1

Alcatel University - 8AS 90145 0007 VH ZZA Ed.02


CONTENTS

- INTRODUCTION TO TCP/IP
- IP LAYER PROTOCOLS
- IP OVER LAN / MAN / WAN
- TCP/IP : TRANSPORT LAYER
- TCP/IP : APPLICATIONS
- IP NETWORK INTERCONNECTIONS
- NETWORK ADMINISTRATION
- SECURITY
- IP VERSION 6

Section 1 INTRODUCTION TO TCP/IP


DEFINITIONS

- Network architecture covers all the hardware and software resources for interchanging data between two remotely located data processing systems.
- The OSI model (Open Systems Interconnection) is a 7-layer architecture for communication between two open systems.
- Communication between layers is defined by the concept of service.
- Communication between peer layers is defined by the concept of communication protocol.
- The TCP/IP architecture incorporates only three functional layers.

IP : NETWORK PROTOCOL

1.1 Fundamental concepts of TCP/IP

When two data processing systems want to communicate, numerous problems of very different types have to be solved. The functions required for communication must be structured in the same way, hence the need for standardization.

In the field of long haul networks, the ITU (International Telecommunications Union, formerly CCITT) is responsible for most standardization. It has brought together both public and private telecoms Operators and telecom manufacturers from all countries to develop and distribute the most well known standards such as X.25, X.400, ISDN, V.24, etc.

The standardization of local area networks is mainly the responsibility of the IEEE (Institute of Electrical and Electronics Engineers), and its committee 802.

The ISO (International Standards Organization), which is dependent on the United Nations, plays a major role in networks and telecommunications. It has defined a reference model and is the only organization which can qualify a standard. In France, it is represented by AFNOR.

In addition to these official organizations, manufacturers and software publishers also produce standards. When a product becomes widely used, it becomes a "de facto" standard. Ethernet (Digital, Intel, Xerox) and NetWare (Novell) are examples of manufacturer standards. TCP/IP architecture is a particular type of manufacturer standard, although not originated by manufacturers.


FUNCTIONAL STRUCTURE

OSI layers grouped into the three TCP/IP functional layers:
- Application, Presentation, Session : Management of application connections
- Transport, Network : End-to-end management, network interconnection
- Data link, Physical : Physical bearer access method


1.2 Layered architecture

Layer 7 : application layer : This layer manages the ways in which other layers can be used. It provides user services such as messaging, file transfer and sharing, and terminal emulation.

Layer 6 : presentation layer : This layer manages data presentation problems (that is, syntax and form). It defines the way in which two communicating entities can describe themselves to one another, and the type of data interchanged.

Layer 5 : session layer : This layer mainly manages the synchronization of remote tasks. It also manages dialogue between the tasks.

Layer 4 : transport layer : This layer adapts data units to network transport conditions. It manages end-to-end reliability functions if not provided by the network.

Layer 3 : network layer : This layer manages end-to-end routing of data units called packets, with or without reliability mechanisms. It mainly provides routing and switching functions.

Layer 2 : data link layer : This layer handles point-to-point transfer of data units called frames, incorporating error detection (and in some cases correction) mechanisms.

Layer 1 : physical layer : This layer manages data bits, adapting the form (electrical or optical) to the physical bearer. It also provides clock signals required for synchronization.


ENCAPSULATION

(Figure: the (N+1)-PDU handed down by layer (N+1) becomes the (N)-SDU of layer (N), which prepends its (N)-PCI to form the (N)-PDU.)

PDU : Protocol Data Unit
SDU : Service Data Unit
PCI : Protocol Control Information

Convention:
- Layer 1 PDU : bit
- Layer 2 PDU : frame
- Layer 3 PDU : packet
- Layer 4 PDU : message


1.3 Services and Protocols

Communication between adjacent layers (vertical communication) is based on the concept of service. The data unit interchanged at the service interface (transparent on a data transmission line) is called a Service Data Unit (SDU). Communication between layers on the same level (peer layers) is based on the concept of protocol. An element of protocol data is called a Protocol Data Unit (PDU).

The information to be transported is "encapsulated" on transition into a layer.


CONNECTION-ORIENTED AND CONNECTIONLESS MODE

The connection-oriented mode is associated with the concept of reliable transfer. It involves three phases:
- SET-UP
- TRANSFER
- RELEASE

Connectionless mode has only one phase:
- TRANSFER

1.4 Transfer mode

Information can be transported over a network in one of two modes: connection-oriented and connectionless.

Connection-oriented mode entails maintaining an end-to-end connection for the duration of the dialogue between two open systems. This transport mode requires the use of resources in both systems. It involves three phases:
- Set-up phase: establishes the connection, allowing the party initiating the call to ensure that the remote terminal is present and ready to receive.
- Transfer phase: generally involves simultaneous bidirectional (full-duplex) transfer. Both communicating machines can send and receive at the same time. Since the connection-oriented service is considered reliable, regular acknowledgements are sent during communication to guarantee that data is routed correctly.
- Release phase: used by the two machines to ensure that data still in transit is not lost. This is called a negotiated disconnection. An abrupt disconnection can be initiated by one of the two parties but may lead to data loss.

Connectionless datagram mode entails sending data over the network with no guarantee of correct delivery. There is no end-to-end continuous signal regarding the status of transfers. This service is generally not guaranteed reliable. Its main advantages are simplicity of implementation and performance.


RELIABLE TRANSFER

The concept of reliable transfer involves 3 functions:
- SEQUENCING
- ERROR RECOVERY
- FLOW CONTROL


The concept of reliable transfer is mainly associated with connection-oriented mode. It provides a way of guaranteeing that PDUs are routed from end to end in the order in which they were sent. Sequencing can be achieved by numbering or quantifying PDUs. Error recovery combines two functions: error detection and error correction. In general, detection is handled by an acknowledgement mechanism and correction by retransmission. The purpose of flow control is to prevent data loss in the event of congestion. It allows the receiver to control and even stop data transmission by the sender.


CLIENT-SERVER MODEL

TCP/IP communication complies with the CLIENT-SERVER model.

A machine (host) running a SERVER software package (process) responds to requests sent by a CLIENT. It is always the CLIENT that sends requests to the server.


In the client-server model, the client initiates dialogue and waits for confirmation from the server. If the server accepts the client, it can send requests to which the server responds. The term client-server application is now reserved for a category of applications (generally, but not necessarily, network applications) in which application processing is distributed between client and server. TCP/IP is an architecture based on networked Client-Server relations.


ARCHITECTURES

(Figure: the four architectures laid out against the OSI layers, sharing the same link and physical layers.)

OSI Architecture
- Application : VT, FTAM, X400, CMIP
- Presentation : ASN.1, X409
- Session : ISO 8326
- Transport : TP0, ..., TP4
- Network : X.25 PLP, Internet 8473

TCP/IP Architecture
- Applications : Telnet, FTP, NFS, SMTP, HTTP, SNMP
- Transport : TCP, UDP
- Network : IP

Novell Architecture
- NCP, SAP
- SPX, IPX

Microsoft Architecture
- S.M.B.
- NetBios, NetBeui

Link and Physical layers (common to all):
- LAN : 802.2, 802.x, Ethernet, Token Ring
- MAN : FDDI, DQDB
- WAN : HDLC, LAP-B, FR, ATM, X21, V35, S, T, Copper, FO, Microwave



There are three main types of architecture:

Proprietary architectures : These are the oldest types of architecture (defined before the OSI model). The lower layers of these architectures can use standard protocols. For example, Microsoft or Novell architectures can communicate with TCP/IP layers 3 and 4. SNA is IBM's architecture.

Standardized architecture : A set of services and protocols defined by the ISO within the framework of the OSI model. Although the lower layers (1 to 3) are widely used, the higher layers of the OSI model seem to be limited to administrations.

TCP/IP standard architecture : TCP/IP is a network architecture for connection of and communication between any type of hardware over any type of network. TCP/IP is rapidly becoming a universal architecture.


IP-RELATED ORGANIZATIONS

- ISOC ("internet society") : defines policy and development objectives
- IAB (Internet Activities Board) : coordinates research and development activities
- IETF (Internet Engineering Task Force) : manages technical standards
- IRTF (Internet Research Task Force) : responsible for network development
- NICs (Network Information Centre) : In France : AFNIC (www.nic.fr); In United States : INTERNIC (www.internic.net)


The organization supervising all TCP/IP developments is the IAB (Internet Activities Board). It is independent of all manufacturers. It has recently been recognized by the ISO as an independent organization for defining standards. The IAB has two main "task forces":
- IRTF (Internet Research Task Force) : responsible for TCP/IP research and development
- IETF (Internet Engineering Task Force) : responsible for the Internet

Another entity manages Internet access addresses and RFC (Requests For Comments) numbers: the NIC (Network Information Centre). Its French counterpart is the AFNIC: Association Française pour le Nommage Internet en Coopération. The IETF and NIC are the two main authorities for both Operators and commercial companies.


REQUESTS FOR COMMENTS

- The RFCs published by the IETF are the equivalent of ITU recommendations
- RFCs have no version number, but the number is changed on each update
- Everyone can contribute
- Document references on protocols and services
- Technical publications on networks
- Since 1969 (ARPANET) : more than 2300 RFCs
- Freely available over the Internet (www.internic.net)
- Not all RFCs are equivalent to standards

State : Standard, Draft standard, Proposed, Experimental, Informational
Status : Required, Recommended, Elective, Limited use, Not recommended

Any new protocol studied and/or implemented is submitted to the IAB in the form of an RFC study document. The IAB (via the NIC) then assigns it a state and a status. The state and status are changed during formalization of the protocol described, its functionalities, implementations, etc. The different states of an RFC are listed below:
- Standard protocol : Official standard for TCP/IP architecture. Tested products exist and have been in operation for some time.
- Draft standard protocol : Potential standard. Additional tests are required. These tests will be submitted once again to the IAB for approval and validation.
- Proposed standard protocol : Potential standard. Numerous tests are still to be carried out. The tested protocol will definitely be reviewed and improved.
- Experimental protocol : Protocol in the experimental phase. This type of protocol must not be implemented by any operational system.

RFCs are assigned a reference number (together with any RFCs they make obsolete), and the references, name, company, etc. of the author or authors. Many servers relay RFCs over the Internet, by theme or by number. Unlike the standards, they are therefore freely accessible.

RFCs specify whether implementation is mandatory, recommended, optional or not recommended.


TCP/IP ARCHITECTURE

(Figure: the TCP/IP protocol stack.)
- Applications : Telnet, SMTP, DNS, FTP, X-Window, TFTP, SNMP, NNTP, DHCP, HTTP, and NFS over XDR / RPC
- Transport : TCP, UDP
- Network : IP, with ICMP (used by ping) and the IGP / EGP routing protocols
- Address resolution : ARP
- WAN : HDLC, LAP-B, X21, V35, S, T
- MAN : FDDI
- LAN : Ethernet, Token Ring

Network layer:
- IP : Internet Protocol
- ICMP : Internet Control Message Protocol
- ARP : Address Resolution Protocol
- BOOTP/DHCP : Bootstrap Protocol / Dynamic Host Configuration Protocol
- EIGRP : Enhanced Inter Gateway Protocol
- OSPF : Open Shortest Path First

Transport layer:
- TCP : Transmission Control Protocol
- UDP : User Datagram Protocol

Session, Presentation and Application layers:
- TELNET : TELecommunication NETwork
- SMTP : Simple Mail Transfer Protocol
- DNS : Domain Name System
- TFTP/FTP : Trivial / File Transfer Protocol
- SNMP : Simple Network Management Protocol
- NFS : Network File System
- RPC : Remote Procedure Call
- XDR : eXternal Data Representation
- HTTP : Hyper Text Transport Protocol


Introduction : The essential

True or False
1. IP was created at the beginning of the 80s, when the first PCs appeared.
2. The OSI model was defined in order to classify TCP/IP protocols.
3. Both IP and X25 protocols allow data to be transmitted, but with different advantages.
4. A reliable transfer must be transmitted by a reliable physical bearer.
5. Client/Server architecture is very often used in applications based on IP.
6. IRTF and IETF are organizations depending on the DARPA.
7. All the protocols of the TCP/IP architecture are defined in the RFCs.

Answers: 1. False, 2. False, 3. True, 4. False, 5. True, 6. False, 7. True


Section 2 IP LAYER PROTOCOLS


IP LAYER

- IP is a protocol that can be routed in connectionless mode
- Type : Best Effort Delivery
- The IP layer incorporates different protocols: IP datagrams, ICMP datagrams, routing datagrams
- IP needs a transport protocol
- IP is non-reliable:
  - Routing not guaranteed
  - No error checking
  - No flow control
  - Sequencing not guaranteed

Adaptation to the physical network (fragmentation/reassembly)
The IP protocol manages packet sizes adapted to the frame size limits at link level (MTU : Maximum Transmit Unit), e.g. 1500 octets for Ethernet, 8 Kbytes for Token Ring, etc. IP has a mechanism for fragmenting segments received from a higher layer so that they can be sent on the physical network. Fragmentation, if required, is performed in the routers used.

Time To Live
Each packet is sent with a life span, or "time-to-live", defined by the value in the TTL field of the IP header. The counter is initialized by the packet sender and decremented by one each time the packet crosses a router. When it hits 0 in a router, the packet is destroyed and an ICMP packet is returned to the sender.

Multiplexing a number of higher level protocols
IP manages N level 4 protocols. A "type" field identifies the protocol transported, e.g. TCP, UDP, routing, etc.

Dynamic and auto-adaptive routing
Routing is the IP protocol's basic functionality. It serves mainly to route the packet from end to end.


IP : MEDIATION LAYER

(Figure: IP runs over every kind of bearer: LAN Ethernet, LAN Token Ring, FDDI, WAN X.25 / FR / ATM, WAN PPP, PSTN-ISDN, and the Internet.)


Restrictions

Guaranteed routing : The IP protocol provides a datagram service. The IP packet sender does not keep a record of the packet sent, which means that it is not capable of retransmitting the packet if it does not reach its destination. The IP protocol therefore has no acknowledgement mechanism.

Error checking : The checksum computed for IP is applied only to the IP packet header and used by IP recipients (mainly routers) to check that the packet has not been altered by protocol internal management. Error monitoring is handled by link level protocols.

Flow control : There is no mechanism for managing buffer saturation in routers. Congestion results in packet loss.

Data resequencing : Packets sent are routed independently to individual recipients (datagram mode principle). They can take different paths and be received in a sequence different from the transmission sequence. The IP protocol does not guarantee sequencing of the packets transmitted (IP-SDU).


IP ADDRESSES (V4)

Example: 150.10.20.30
binary  : 10010110 . 00001010 . 00010100 . 00011110
decimal : 150 . 10 . 20 . 30

- In IP V4, an address is coded on 32 bits
- It is represented by the decimal value of each of the 4 octets, separated by a dot
- It consists of two fields:
  - Net ID field
  - Host ID field
- The field separator position is variable
- It is identified using the concept of address class

Network logical addresses used by the IP layer are 32-bit addresses configured manually or dynamically. These addresses are independent of physical addresses. A static or dynamic mechanism is therefore required to link these two types of address. Any IP station can be reached using different types of address supported by LANs but not by telecom WANs.

Unicast address (individual) : Each IP machine (that is, a machine with TCP/IP connectivity) has a unique individual address. Note that in contrast to the uniqueness of MAC unicast addresses, IP logical address uniqueness must be guaranteed by the administrator if there is no DHCP server.

Broadcast address : Any IP machine can be reached using a broadcast address and therefore process the appropriate packet. This type of address means that all stations in the network can be addressed using a single packet. This functionality does not exist on telecom networks.

Multicast address (group) : This type of address defines a group in which an N-machine subset of all machines can be reached. Addressing is not configurable and is generally application-based or linked to routing protocols.


IP ADDRESSES : CLASSES

Class A : NET ID 1st octet, Host ID 3 octets   (Net Id | Host Id . Host Id . Host Id)
Class B : NET ID 2 octets, Host ID 2 octets    (Net Id . Net Id | Host Id . Host Id)
Class C : NET ID 3 octets, Host ID 1 octet     (Net Id . Net Id . Net Id | Host Id)



32-bit IP addresses consist of two fields: The net ID field first and host id field last. Two stations on the same physical local network can intercommunicate only if they belong to the same IP logical network. Two stations on two different IP networks can intercommunicate only via a router. The position of the network and host field separator depends on the 32-bit address values used. These values are organized in address classes. Addresses in which the first octet has a decimal value between 1 and 126 are class A addresses. The first octet then represents the network number and the other three octets the host number. Addresses in which the first octet has a decimal value between 128 and 191 are class B addresses. The first two octets then represent the network number, and the last two octets the host number. Addresses in which the first octet has a decimal value between 192 and 223 are class C addresses. The first three octets represent the network number and the last octet the host number.


IP ADDRESSES : CLASSES

Class A : NET ID 1st octet, Host ID 3 octets. 1st octet value from 1 to 126. Nets : 128, Hosts : 16 777 214
Class B : NET ID 2 octets, Host ID 2 octets. 1st octet value from 128 to 191. Nets : 16 384, Hosts : 65 534
Class C : NET ID 3 octets, Host ID 1 octet. 1st octet value from 192 to 223. Nets : 2 097 152, Hosts : 254


These address classes have resulted in wastage, in particular in regard to class B addresses, because of the significant difference in capacity between a class B network and a class C network.

Class D (first octet 224) contains multicast addresses.

Higher values (225 to 254) are class E addresses reserved for the IETF.


IP ADDRESSES : FEATURES

- Value 0 : represents ANY Host. 150.10.0.0 represents any host on network 150.10
- Value 1 : represents ALL Hosts. 150.10.255.255 represents all hosts on network 150.10
- 127.X.X.X addresses are LOOPBACK addresses. These addresses are never sent over the network


Some forms of address are reserved. The all-0 and all-1 forms are special values.
- 0.0.0.0 : This address represents any machine not yet assigned an address. Its use is allowed on startup (on booting, before determining the true unicast address). It is not a valid network address.
- network number + machine number set to 0, e.g. 150.10.0.0 : represents this network.
- network number set to 0 + machine number, e.g. 0.0.20.30 : the machine on this network.
- 127.x.x.x : This address is reserved for loopback (local loop). It represents the machine itself and can be used for intercommunication between local processes (client and server implemented in the same host). A packet with destination address 127.0.0.1 is looped back in the IP layer and therefore never leaves the machine.


IP ADDRESSES : FEATURES

- Any station can be reached at its UNICAST address, e.g. 150.10.20.30
- Any station can be reached at its BROADCAST address:
  - Selected broadcast, e.g. 150.10.255.255
  - Restricted broadcast : 255.255.255.255
- Any station can be reached at its MULTICAST address. MULTICAST addresses are structured : 224.X.X.X. They are class D addresses and represent ALL hosts in a group
- IP V6 does not support Broadcasts but introduces the concept of ANYCAST: any (at least one) host in a group

- network number + machine number set to 1, e.g. 160.10.255.255 : selected broadcast for broadcasting on another network.
- 255.255.255.255 : restricted broadcast for broadcasting on the physical network, not crossing routers (except in special configurations).
- 224.0.0.9 : the multicast address of routers running the RIP Version 2 routing protocol.


IP ADDRESSES : MASK

- The function of routing is to reach any host in a network, e.g. 150.10.0.0
- The HOST part of the UNICAST address must be masked, e.g. 150.10.20.30 must be converted to 150.10.0.0
- A logical AND must be applied to the UNICAST address and the mask value
- Configuring a mask entails setting the NET part to 1 and the Host part to 0
- It is therefore sufficient to know the class, e.g. for network 150.10, class B, the mask will be 255.255.0.0

Any IP machine must have at least one network mask, required for the routing function.

The mask is used to extract the net part of an address, which every station (user, server or router) must determine in order to route the IP packet.


IP ADDRESSES : MASK

Unicast address 150.10.20.30 AND mask 255.255.0.0 = 150.10.0.0

Address : 10010110 . 00001010 . 00010100 . 00011110   (150.10.20.30)
AND
Mask    : 11111111 . 11111111 . 00000000 . 00000000   (255.255.0.0)
Result  : 10010110 . 00001010 . 00000000 . 00000000   (150.10.0.0)


When processing a packet, IP applies a LOGICAL AND to the unicast destination address and the configured mask value. The objective is to obtain a result in the form Net ID.0, where the length of the Net ID depends on the class, so that the packet can be routed to the appropriate network. This means that once mask 255.255.0.0 has been applied to unicast address 150.10.20.30, the address is presented in the form 150.10.0.0 for interrogating the routing table.


IP ADDRESSES : FEATURES

(Figure: IP network 192.1.1.0 with stations 192.1.1.1, 192.1.1.2, 192.1.1.3 and a router interface 192.1.1.17; the router's other interface 128.15.1.1 is on IP network 128.15.0.0 together with stations 128.15.1.13 and 128.15.187.1.)

Requirements:
- Two stations separated by a router: different network numbers
- Two stations connected with no router: same network number
- On the same network: different host numbers

An IP machine must know:
- its IP address
- its subnetwork mask
- at least one IP router address

In order to "exist", a station must have a unicast address and an associated mask. The address of a router (generally the default router address) allows it to avoid being confined to its own network. The station derives its "routing table" from this information.


SENDING THE IP DATAGRAM

(Figure: a packet ready to send from logical network N1 to logical network N2 is matched against the station's routing table.)

Routing table (C:\netstat -r):

network address   network mask      gateway addr.   interface      metric
0.0.0.0           0.0.0.0           150.10.20.31    150.10.20.30   1
127.0.0.0         255.0.0.0         127.0.0.1       127.0.0.1      1
150.10.0.0        255.255.0.0       150.10.20.30    150.10.20.30   1
150.10.20.30      255.255.255.255   127.0.0.1       127.0.0.1      1
255.255.255.255   255.255.255.255   150.10.20.30    150.10.20.30   1
150.10.255.255    255.255.255.255   150.10.20.30    150.10.20.30   1
224.0.0.0         224.0.0.0         150.10.20.30    150.10.20.30   1

The IP layer which has a packet to send must determine the interface to which the packet must be delivered. This amounts to deciding the layer 2 (LAN, MAN or WAN) to which IP must "pass" the datagram. It interrogates the routing table (displayed by the netstat -r command) to identify the interface to be used.
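The mask AND described in the IP ADDRESSES : MASK pages and the routing-table interrogation described here, as an added worked example (not code from the Alcatel course): the table is a copy of the netstat -r output on the slide, and the class ranges are the ones the course gives.

```python
# Added example (not from the Alcatel course): classful address analysis and a
# routing-table lookup built on the logical AND described in the text.
# The routing table below is copied from the netstat -r output on the slide.


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer (rejects malformed input)."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Class from the first octet, using the ranges given in the course."""
    first = to_int(dotted) >> 24
    if first == 0:
        return "unspecified"
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    return "E"


# Default (classful) mask: NET part set to 1, HOST part set to 0.
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def network_of(dotted, mask):
    """Logical AND of address and mask: 150.10.20.30 AND 255.255.0.0 -> 150.10.0.0."""
    return to_dotted(to_int(dotted) & to_int(mask))


# (network address, network mask, gateway address, interface, metric)
ROUTING_TABLE = [
    ("0.0.0.0",         "0.0.0.0",         "150.10.20.31", "150.10.20.30", 1),
    ("127.0.0.0",       "255.0.0.0",       "127.0.0.1",    "127.0.0.1",    1),
    ("150.10.0.0",      "255.255.0.0",     "150.10.20.30", "150.10.20.30", 1),
    ("150.10.20.30",    "255.255.255.255", "127.0.0.1",    "127.0.0.1",    1),
    ("255.255.255.255", "255.255.255.255", "150.10.20.30", "150.10.20.30", 1),
    ("150.10.255.255",  "255.255.255.255", "150.10.20.30", "150.10.20.30", 1),
    ("224.0.0.0",       "224.0.0.0",       "150.10.20.30", "150.10.20.30", 1),
]


def lookup(destination, table=ROUTING_TABLE):
    """Return (gateway, interface) for a destination address.

    An entry matches when destination AND mask == network address. The entry
    with the most mask bits wins, so the host route 150.10.20.30/32 beats the
    class B route 150.10.0.0/16, and the default route (mask 0.0.0.0) is used
    only when nothing more specific matches.
    """
    dest = to_int(destination)
    best = None  # (mask bits, gateway, interface)
    for net, mask, gateway, iface, _metric in table:
        m = to_int(mask)
        if dest & m == to_int(net):
            bits = bin(m).count("1")
            if best is None or bits > best[0]:
                best = (bits, gateway, iface)
    if best is None:
        raise LookupError("no route to " + destination)
    return best[1], best[2]


if __name__ == "__main__":
    for dst in ("150.10.20.31", "150.10.20.30", "194.10.212.47", "224.0.0.9"):
        print(dst, address_class(dst), lookup(dst))
```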


SENDING THE IP DATAGRAM

(Figure: once the routing table has selected the LAN interface, the ARP cache is consulted for the destination address 150.10.20.30. With "No Entry", a MAC frame carrying an ARP request is sent; the cache then holds the mapping 150.10.20.30 -> 08 20 02 12 63 48.)

After identifying the interface, IP must know the type of protocol associated with the interface, depending on whether the procedure is LAN/MAN or not. This is because layer 2 will have to define a physical destination address associated with the layer 3 address. For LAN/MANs, this address is supplied by an ARP cache managed dynamically using ARP requests so that IP and MAC addresses can be mapped. An interesting feature of these requests is that they are broadcast by layer 2. The broadcast function does not exist on WANs and manual mapping is required. ATM represents a special case since it can be implemented on a LAN, MAN or WAN, in which case ARP mechanisms are provided by servers.


ADDRESSING BY SUBNETWORK

(Figure: Network 1 150.10.0.0, Network 2 160.10.0.0 and Network 3 170.10.0.0; Network 2 is divided into S/Network 1, S/Network 2 and S/Network 3.)


Subnetworks are used to partition the network and segregate message flows.

The subnetwork address is configured in the Host Id part.

A mask is used to create subnetworks, forcing routers to "deepen" the analysis.

The number of subnetworks depends on the number of bits reserved in the Host Id field.

Subnetwork addresses which are all 0s or all 1s have a special function.

Example: up to six subnetworks can be configured using a three-bit subnetwork address.


ADDRESSING BY SUBNETWORK

Example: Class B address 150.10.0.0 can be subnetted using one of the masks below, depending on the number of subnetworks required.

Number of bits   Mask               Number of SNs
2                255.255.192.0      2
3                255.255.224.0      6
4                255.255.240.0      14
5                255.255.248.0      30
6                255.255.252.0      62
7                255.255.254.0      126
8                255.255.255.0      254
9                255.255.255.128    510
etc.

A second addressing level: subnetwork. The basic unicast address consisting of <network number> <machine number> can be extended to <network number> <subnetwork number> <machine number>. The network number part remains unchanged (same addressing class, A, B or C). The subnetwork number part occupies some of the space reserved for the machine number. Its length in terms of bits varies (in contrast to the network part, which varies in terms of the number of octets). The machine number part occupies the remaining space and its length also varies in terms of the number of bits.

The main advantage of this type of addressing lies in the fact that a single network (class A, B or C) can be subdivided into N IP logical subnetworks with exactly the same interconnection and routing rules as for single-level conventional hierarchical addressing.


ADDRESSING BY SUBNETWORK

(Figure: Network 1 150.10.0.0, Network 2 160.10.0.0 and Network 3 170.10.0.0; Network 2 is divided into S/Network 1 160.10.64.0 and S/Network 2 160.10.128.0.)


The subnetworks (2-bit subnetwork address) of network 160.10.0.0 are: 160.10.64.0 and 160.10.128.0.

A station with address 160.10.20.30 before subnetwork creation must be renumbered.

In the first subnetwork, it becomes: 160.10.84.30

If it is installed in the second subnetwork, it becomes: 160.10.148.30
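The mask table and the renumbering of 160.10.20.30 above, as an added worked example (not code from the Alcatel course). It reproduces the subnet mask table for any class, lists the usable subnetworks of 160.10.0.0, and moves a host into a subnetwork, following the course convention that the all-0 and all-1 subnetwork numbers are reserved.

```python
# Added example (not from the Alcatel course): subnet masks, subnet counts and
# host renumbering for the class B network 160.10.0.0 used on the slide.
# The all-0 and all-1 subnetwork numbers are treated as reserved, as the text says.


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_mask(net_bits, subnet_bits):
    """Mask with the NET part (8, 16 or 24 bits for class A, B, C) and the
    subnetwork bits set to 1, the remaining HOST bits set to 0."""
    ones = net_bits + subnet_bits
    if not 0 <= ones <= 32:
        raise ValueError("mask would need %d bits" % ones)
    return to_dotted(0xFFFFFFFF ^ ((1 << (32 - ones)) - 1))


def usable_subnets(subnet_bits):
    """Number of subnetworks once the all-0 and all-1 numbers are excluded."""
    return (1 << subnet_bits) - 2


def subnet_table(net_bits, bit_counts):
    """Rows of (number of bits, mask, number of subnetworks), like the slide."""
    return [(b, subnet_mask(net_bits, b), usable_subnets(b)) for b in bit_counts]


def subnet_addresses(network, net_bits, subnet_bits):
    """Addresses of the usable subnetworks of a classful network."""
    base = to_int(network)
    host_bits = 32 - net_bits - subnet_bits
    return [to_dotted(base | (n << host_bits))
            for n in range(1, (1 << subnet_bits) - 1)]


def renumber(host, net_bits, subnet_bits, subnet_number):
    """Move a host into a subnetwork, keeping its machine number.

    The subnetwork number is written into the top subnet_bits of the old HOST
    field; a machine number too large for the shortened HOST field is rejected.
    """
    value = to_int(host)
    host_bits = 32 - net_bits - subnet_bits
    net_mask = 0xFFFFFFFF ^ ((1 << (32 - net_bits)) - 1)
    host_mask = (1 << host_bits) - 1
    old_host = value & (0xFFFFFFFF ^ net_mask)
    if old_host > host_mask:
        raise ValueError("machine number %d does not fit in %d bits" % (old_host, host_bits))
    if not 1 <= subnet_number <= (1 << subnet_bits) - 2:
        raise ValueError("subnetwork number %d is reserved or out of range" % subnet_number)
    return to_dotted((value & net_mask) | (subnet_number << host_bits) | old_host)


if __name__ == "__main__":
    for row in subnet_table(16, range(2, 10)):
        print("%d bits  %-16s %d subnetworks" % row)
    print(subnet_addresses("160.10.0.0", 16, 2))
    print(renumber("160.10.20.30", 16, 2, 1), renumber("160.10.20.30", 16, 2, 2))
```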


PRIVATE / PUBLIC ADDRESSING

RFC 1918
The following network numbers are not routed on the Internet:
- Class A : 10.0.0.0
- Class B : 172.16.0.0 to 172.31.0.0
- Class C : 192.168.0.0 to 192.168.255.0

- Natural segregation of private traffic from Internet traffic
- Requires the presence of an address translator: Network Address Translator (router function)
- The NAT does not replace the FireWall and/or Proxy Server


ADDRESS TRANSLATION

(Figure: private stations behind a Firewall reach the Internet through a Translator and the ISP. Mapping shown: @priv1 150.10.20.30 -> @pubA 194.10.212.47; @priv2 150.10.20.31 -> @pubA 194.10.212.49; @priv3 150.10.20.32 -> @pubA 194.10.212.49.)

Dynamic management of a mapping table translating private/public IP addresses

Translator location:
- In the Firewall
- In the router

Types of translation:
- N private addresses to 1 public address
- N private addresses to M public addresses
- 1 private address to 1 public address

Example : N to M

The NAT (Network Address Translation) function solves the problem associated with the shortage of public addresses, and also provides protection for stations in the private network.

n private addresses can be associated with a single public address (front end router address). The router then separates flows by identifying client-server pairs in terms of application addressing (port N s).

Alcatel University - 8AS 90145 0007 VH ZZA Ed.02

Page 32
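The N-private-to-1-public case described above, as an added example (not the course's or any product's code): the translator keeps a mapping table keyed by the client-server pair and tells flows apart by the public port it allocates; inbound packets with no entry in the table are dropped, which is the protection the text mentions. The private addresses are the slide's; the server address 203.0.113.10, the port numbers and the table behaviour are assumptions.

```python
# Added example (not from the Alcatel course): a model of N private addresses
# sharing one public address, with a dynamically managed mapping table.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_ADDRESS = "194.10.212.47"      # front end router address (from the slide)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """N private addresses mapped to one public address; client-server pairs
    are separated by the public source port the translator allocates."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private ip, private port, server ip, server port) -> public port
        self.outbound: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, server ip, server port) -> (private ip, private port)
        self.inbound: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network,
        creating a table entry the first time a client-server pair is seen."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.outbound.get(key)
        if pub_port is None:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a packet arriving from the Internet,
        or return None (drop) when no private station asked for it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
```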

IP: DATAGRAM FORMATS

(Figure: layout of the IP header, bits 0 to 31: VERSION, LENGTH, SERVICE TYPE, TOTAL LENGTH; IDENTIFICATION, flags DF and MF, FRAGMENT OFFSET; TIME TO LIVE, PROTOCOL, CHECKSUM; SOURCE IP ADDRESS; DESTINATION IP ADDRESS; OPTIONS + PADDING. The IP packet is carried in a physical frame between the frame header and the CRC.)

- VERSION (4 bits): IP version number. Current version: 4.
- LENGTH (4 bits): Total length of IP header expressed in 32-bit words. Default value: 5 (min=5, max=15 depending on the option field).
- TOTAL LENGTH (16 bits): IP datagram total length in octets. Default value: 20.
- SERVICE TYPE (8 bits): Type of service required based on the following criteria: reliability, bit rate, network transfer time. Rarely used (value 0).
- FLAGS (3 bits):
  - bit 0: 0 (reserved)
  - bit 1 (Don't Fragment): 1 = fragmentation not allowed / 0 = fragmentation allowed
  - bit 2 (More Fragment): 1 = intermediate fragment / 0 = last fragment
- OFFSET (13 bits): Displacement relative to the first packet in the event of fragmentation. Default value: 0 (offset min=0, offset max=8191).
- IDENTIFICATION (16 bits): SDU identification. If fragmentation is used, each fragment has the same identification.
- TTL (Time To Live): Life span of the IP datagram expressed in seconds, but more often in number of hops. Default value: 15 (min=0, max=255).
- PROTOCOL: Higher layer protocol code: TCP, UDP, ICMP, OSPF.
- CHECKSUM: Header integrity check.
- SOURCE ADDRESS: IP address of the sending machine.
- DESTINATION ADDRESS: IP address of the recipient machine.
- OPTIONS: Options associated with the IP protocol: routing, route discovery, security, etc.
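Decoding the header fields listed above from raw bytes, as an added example (not from the course): the parser extracts VERSION, LENGTH, the DF/MF flags, the fragment offset and the addresses, and verifies the header checksum, which is the check a receiver applies before trusting any other field. The sample header is constructed here with the addresses of the slides.

```python
# Added example (not from the Alcatel course): parse and verify an IPv4 header.
import struct
from dataclasses import dataclass


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by IP, ICMP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IpHeader:
    version: int
    header_len: int        # in octets (LENGTH field * 4)
    tos: int
    total_length: int
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int   # in units of 8 octets
    ttl: int
    protocol: int
    checksum_ok: bool
    src: str
    dst: str


def parse_ip_header(raw: bytes) -> IpHeader:
    if len(raw) < 20:
        raise ValueError("truncated IP header")
    vihl, tos, total_len, ident, flags_off, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    header_len = ihl * 4
    if len(raw) < header_len:
        raise ValueError("truncated IP options")
    # A header whose checksum is correct sums to zero, options included.
    ok = internet_checksum(raw[:header_len]) == 0
    return IpHeader(
        version=version, header_len=header_len, tos=tos, total_length=total_len,
        identification=ident,
        dont_fragment=bool(flags_off & 0x4000),   # bit 1 of FLAGS
        more_fragments=bool(flags_off & 0x2000),  # bit 2 of FLAGS
        fragment_offset=flags_off & 0x1FFF,       # low 13 bits
        ttl=ttl, protocol=proto, checksum_ok=ok,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
    )


def build_ip_header(src: str, dst: str, payload_len: int, ttl: int = 15,
                    protocol: int = 1, ident: int = 0x1234, df: bool = True) -> bytes:
    """Minimal header (no options) with a correct checksum; TTL 15 as the slide's default."""
    flags_off = 0x4000 if df else 0
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_off, ttl, protocol, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


# Constructed sample: an ICMP (protocol 1) datagram carrying 64 data octets.
SAMPLE_HEADER = build_ip_header("150.10.20.30", "160.10.20.30", 64)
```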

ICMP : INTERNET CONTROL MESSAGE PROTOCOL

(Figure: an IP packet crosses Network 1, Network 2 and Network 3; a router on the path returns an ICMP packet to the sender.)

ICMP is an administration protocol for managing the network layer. It provides information on events relating to the IP protocol.

Most ICMP messages are generated by routers and sent to packet senders to notify a problem in routing an IP packet. ICMP monitors the IP protocol. ICMP is implemented over IP: ICMP PDUs are routed on the network layer. ICMP sends information in a datagram to the IP packet sender in the following cases:
- destruction (in a router) following a routing problem,
- destruction following a life span (TTL) problem,
- destruction following an error in the header,
- destruction following a router buffer saturation problem,
- information relating to the recipient IP machine's accessibility: a better route may be possible using another router.

In addition, ICMP manages basic information relating to the IP layer.

ICMP: PACKET FORMAT

(Figure: ICMP packet layout, bits 0 to 31: TYPE, CODE, CHECKSUM, then DATA. The ICMP packet is carried in an IP datagram, itself carried in a physical frame between the frame header and the CRC.)

The main ICMP messages sent by routers are listed below:

- Flow control, ICMP_SOURCE_QUENCH: allows a gateway (or host) to notify network congestion and ask the sender to slow down transmission. No check is run on whether the source has effectively slowed down. Similarly, there is no message to tell the source that it can speed up again.
- Time out, ICMP_TIME_OUT: this message indicates packet destruction due to TTL expiry.
- Header error, ICMP_HEADER_ERROR: reports detection of an error making the datagram unusable. Checksum errors are not handled in this way since, in this case, the sender's IP address is not reliable. Errors generally relate to options.
- Error report, ICMP_UNREACHABLE_DEST: notifies the sender of a datagram that it has not been delivered to the recipient. Generally indicates a routing problem or an unavailable station.

ICMP: PING UTILITY

Remote system activity test; IP network transfer time

(Figure: a ping between stations 150.10.20.30 and 160.10.20.30 across Network 1, Network 2 and Network 3: an IP/ICMP ECHO REQUEST is sent, and the remote station answers with an IP/ICMP ECHO REPLY.)

Note: a ping in itself checks IP layer activity only, and not the network board.

The ping command is used to test host or router accessibility. The command uses the ICMP echo function. An ICMP packet (echo request) is sent and its receipt initiates transmission of a return ICMP packet (echo reply). These packets contain data whose length is configurable. There are numerous options for enhancing the ping command.

The main responses to the ping are:
- Host is alive
- Reply from host

Or in the event of a problem:
- Host unreachable
- Network unreachable
- No answer from host
- Time out
- Etc.

ICMP REDIRECT

(Figure: a client on Network 2 whose default gateway is R1; routers R1 and R2 are on the same network, and the server is on Network 3 behind R2. The numbered steps 1 to 5 of the exchange are described below.)

The ICMP_REDIRECT message is used by a gateway to tell a host that a better gateway exists. In general, this occurs when two gateways are present on the same network, and a host in the network has out of date routing tables leading it to use the less appropriate gateway. The message is not used between two gateways. The example above shows a conventional case of route optimization from a client station:

1. The first packet for the server is sent to the default gateway.
2. Router R1 transmits the packet to router R2.
3. Router R1 tells the client that there is a shorter path for reaching the server's logical network: ICMP Redirect.
4. Router R2 transmits the packet to the server.
5. The client sends subsequent packets directly to router R2.

All IP machines must be capable of interpreting a received ICMP_REDIRECT message.

ICMP : TRACEROUTE UTILITY

Traceroute is a software tool for identifying nodes crossed by an IP datagram sent to a remote machine. Traceroute is based on the use of "TTL exceeded" ICMP messages.

(Figure: station A sends datagrams towards station B with TTL=1, TTL=2, TTL=3, ... TTL=n. Routers R1, R2, R3, ... Rn each return an ICMP TTL Exceeded message for the datagram whose TTL reaches zero at that router.)
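The mechanism in the figure as an added example (not from the course): each router decrements the TTL and, when it reaches zero, discards the datagram and returns an ICMP "TTL exceeded" message; probing with TTL 1, 2, 3 ... therefore lists the routers crossed in order. The path, the router addresses and the ICMP type constants are constructed for the model; nothing is sent on a network.

```python
# Added example (not from the Alcatel course): a model of the traceroute logic.
from dataclasses import dataclass
from typing import List

ICMP_TIME_EXCEEDED = 11   # ICMP type of the "TTL exceeded" message (RFC 792)
ICMP_ECHO_REPLY = 0       # answer from the destination when the probe arrives


@dataclass
class Datagram:
    src: str
    dst: str
    ttl: int


@dataclass
class IcmpMessage:
    icmp_type: int
    sender: str           # address of the node that generated the message


@dataclass
class Node:
    address: str


def forward(path: List[Node], dgram: Datagram) -> IcmpMessage:
    """Walk the datagram hop by hop. Every router decrements the TTL before
    forwarding; the router that brings it to zero discards the datagram and
    answers with ICMP Time Exceeded. The last node of the path is the
    destination, which answers the probe itself."""
    for router in path[:-1]:
        dgram.ttl -= 1
        if dgram.ttl == 0:
            return IcmpMessage(ICMP_TIME_EXCEEDED, router.address)
    return IcmpMessage(ICMP_ECHO_REPLY, path[-1].address)


def traceroute(path: List[Node], source: str, target: str, max_hops: int = 30) -> List[str]:
    """Send probes with TTL = 1, 2, 3 ... until the destination replies or
    max_hops is reached; the senders of the ICMP messages are the nodes
    crossed, in order."""
    hops: List[str] = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, Datagram(source, target, ttl))
        hops.append(reply.sender)
        if reply.icmp_type == ICMP_ECHO_REPLY:
            break
    return hops


# Constructed topology: three routers in the order crossed, then station B.
PATH = [Node("150.10.20.1"), Node("170.10.1.1"), Node("160.10.1.1"), Node("160.10.20.30")]
```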

DYNAMIC HOST CONFIGURATION PROTOCOL

Dynamic configuration of IP machine addresses (clients)
(DHCP is carried by IP broadcast in BOOTP packets over UDP)

(Figure: several DHCP clients and one DHCP server. A client asks "I want an individual IP address"; the server answers "Here is your IP address X.X.X.X".)

The widespread use of TCP/IP machines (PC terminals) on local networks has significantly increased administrator workload, and therefore the risk of errors associated with manual address management. The most common error is allocation of duplicated addresses. The BOOTP protocol (allowing diskless stations or X terminals to boot up on the network) provides mechanisms allowing a station which does not exist on the network to contact a server, even though it does not know its address. The DHCP protocol uses BOOTP as a support and provides a high degree of interchange flexibility for allocating an address dynamically.

Dynamic Host Configuration Protocol is defined in the RFCs below:
- RFC 1533 "DHCP Options and BOOTP Vendor Extensions"
- RFC 1534 "Interoperation Between DHCP and BOOTP"
- RFC 1541 "Dynamic Host Configuration Protocol"

DHCP has a facility for permanently storing client configuration parameters and dynamically or statically allocating an IP address. The server then supplies the address of the default gateway, together with the mask value. Depending on the type of network operation, a server can provide other information such as the address of the DNS server. The allocation can be either permanent or temporary. The function is described in terms of a "lease" which the client has to renew periodically.

INITIALIZATION

DHCP DISCOVER (DHCP client to DHCP server)
Source Address: 0.0.0.0
Dest. Address: 255.255.255.255

In the initialization phase, the client sends a discover request by IP broadcast over the network. By default, the DHCP server must be on the same IP network since 255.255.255.255 restricted broadcast does not cross any routers. However, it is possible to overcome this problem by configuring the router so that it extends UDP broadcasts to the address of the server.

SERVER SELECTION

DHCP OFFER (DHCP server 150.10.20.30 to DHCP client)
Source Address: 150.10.20.30
Dest. Address: 255.255.255.255
IP Address: 150.10.20.31
Subnet Mask: 255.255.0.0
Server Identifier: 150.10.20.30
Lease Length: 48 Hours

On receiving the discover, the server or servers make an offer containing an IP address, a mask and lease length, together with any other configuration information, at the administrator's initiative.

SERVER CHOICE / REQUEST

DHCP REQUEST (DHCP client to DHCP server 150.10.20.30)
Source Address: 0.0.0.0
Dest. Address: 255.255.255.255
Req IP Address: 150.10.20.31
Server Identifier: 150.10.20.30
Requested Parameters........

The DHCP client may make a selection if more than one server is offered, and then send a request to the selected server. However, these interchanges are still executed by IP broadcast.

ATTACHMENT

DHCP ACK (DHCP server 150.10.20.30 to DHCP client)
Source Address: 150.10.20.30
Dest. Address: 255.255.255.255
IP Address: 150.10.20.31
Subnet Mask: 255.255.0.0
Server Identifier: 150.10.20.30
Lease Length: 48 Hours
Default Gateway: 150.10.20.35
Other Requested Parameters....

The DHCP server selected sends an acknowledgement (DHCP ACK) containing the address initially sent during the exploratory phase and a lease length valid for this address, together with TCP/IP network configuration parameters for the client. After receiving the acknowledgement, the client is attached and can now operate on the TCP/IP network and terminate the startup procedure. Client computers with the appropriate facility can store the received address locally so that it can be used on subsequent startups. When the lease is about to expire, the client attempts to renew the lease with the DHCP server. If the current lease cannot be renewed, the client receives a new IP address.

RENEWAL

DHCP REQUEST (DHCP client 150.10.20.31 to DHCP server 150.10.20.30)
Source Address: 150.10.20.31
Dest. Address: 150.10.20.30
Req IP Address: 150.10.20.31
Server Identifier: 150.10.20.30
Requested Parameters........

REATTACHMENT

DHCP REQUEST (DHCP client 150.10.20.31, broadcast)
Source Address: 150.10.20.31
Dest. Address: 255.255.255.255
Req IP Address: 150.10.20.31
Server Identifier: 150.10.20.30
Requested Parameters........

EXTENDED INTERSECTION

(Figure: two DHCP servers with overlapping ("extended") address ranges. DHCP server 1 manages 150.10.20.1 to 150.10.20.100; DHCP server 2 manages 150.10.20.75 to 150.10.20.175. One DHCP client leases @IP 150.10.20.85 from DHCP server 1, another DHCP client leases @IP 150.10.20.85 from DHCP server 2: ERROR!! Duplicated address.)
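The DISCOVER / OFFER / REQUEST / ACK exchange of the preceding slides, the unicast renewal, and the overlapping-range error of the last slide, modelled as an added example (not the course's code). Addresses, mask, gateway and the 48-hour lease are the slides' values; the second server's address 150.10.20.40, the client identifiers and the server's allocation logic are assumptions.

```python
# Added example (not from the Alcatel course): a model of DHCP lease handling
# and of the duplicated-address error caused by two overlapping server ranges.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BROADCAST = "255.255.255.255"


@dataclass
class Message:
    kind: str                           # DISCOVER, OFFER, REQUEST, ACK or NAK
    src: str
    dst: str
    fields: Dict[str, str] = field(default_factory=dict)


class DhcpServer:
    def __init__(self, server_ip: str, first: str, last: str, mask: str,
                 gateway: str, lease_hours: int = 48):
        self.ip, self.mask, self.gateway = server_ip, mask, gateway
        self.lease_hours = lease_hours
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.pool: List[str] = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.leases: Dict[str, str] = {}   # client identifier -> leased address

    def _owner(self, addr: str) -> Optional[str]:
        return next((cid for cid, ip in self.leases.items() if ip == addr), None)

    def _free_address(self) -> Optional[str]:
        return next((a for a in self.pool if self._owner(a) is None), None)

    def handle(self, msg: Message, client_id: str) -> Optional[Message]:
        """Server side of the exchange; returns the reply, or None when silent."""
        reply_to = BROADCAST if msg.src == "0.0.0.0" else msg.src
        if msg.kind == "DISCOVER":
            addr = self.leases.get(client_id) or self._free_address()
            if addr is None:
                return None                          # pool exhausted: no offer
            return Message("OFFER", self.ip, BROADCAST, {
                "IP Address": addr, "Subnet Mask": self.mask,
                "Server Identifier": self.ip, "Lease Length": f"{self.lease_hours} Hours"})
        if msg.kind == "REQUEST":
            if msg.fields.get("Server Identifier") != self.ip:
                return None                          # the client selected another server
            addr = msg.fields["Req IP Address"]
            if addr not in self.pool or self._owner(addr) not in (None, client_id):
                return Message("NAK", self.ip, reply_to)   # held by another client
            self.leases[client_id] = addr            # new lease, renewal or reattachment
            return Message("ACK", self.ip, reply_to, {
                "IP Address": addr, "Subnet Mask": self.mask, "Server Identifier": self.ip,
                "Lease Length": f"{self.lease_hours} Hours", "Default Gateway": self.gateway})
        return None


def obtain_lease(client_id: str, server: DhcpServer) -> Optional[str]:
    """Initialization, server selection, request and attachment, all by broadcast."""
    offer = server.handle(Message("DISCOVER", "0.0.0.0", BROADCAST), client_id)
    if offer is None:
        return None
    ack = server.handle(Message("REQUEST", "0.0.0.0", BROADCAST, {
        "Req IP Address": offer.fields["IP Address"],
        "Server Identifier": offer.fields["Server Identifier"]}), client_id)
    return ack.fields["IP Address"] if ack is not None and ack.kind == "ACK" else None


def renew_lease(client_id: str, addr: str, server: DhcpServer) -> bool:
    """Renewal: a unicast REQUEST to the server that granted the lease."""
    ack = server.handle(Message("REQUEST", addr, server.ip, {
        "Req IP Address": addr, "Server Identifier": server.ip}), client_id)
    return ack is not None and ack.kind == "ACK"


def overlapping_addresses(a: DhcpServer, b: DhcpServer) -> List[str]:
    """Addresses both servers could hand out independently of each other:
    the duplicated-address error of the extended intersection slide.
    Correctly planned servers have disjoint ranges and this list is empty."""
    return sorted(set(a.pool) & set(b.pool), key=ipaddress.IPv4Address)
```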

IP Layer : The essential

True or False
1. IP is named this way because it can interconnect any type of network.
2. An IP characteristic is as follows: Best Effort Delivery; so it is a protocol ideal for voice transmission.
3. A broadcast packet never goes through routers.
4. The mask is used for IP packet routing.
5. A router has several IP addresses, one per connected network.
6. The goal of ICMP is to allow IP packets to go correctly to the destination.
7. An IP host cannot work correctly if DHCP is not managed.

Answers: True, False, False, True, True, False, False

Section 3 IP over LAN / MAN / WAN

IP OVER ALL NETWORKS

(Figure: IP above every bearer. LAN / MAN: Ethernet, Token Ring, FDDI, DQDB (transparent). WAN: virtual circuit X.25, FR, ATM; LL, PSTN, ISDN.)

IP OVER ETHERNET / 802.3

Encapsulation - IP/Ethernet DIX V2 - (RFC 894)
| Destination (48 bits) | Source (48 bits) | Type (16 bits) = 0x0800 | IP Header | Data |
The IP header and data form the IP datagram.

Encapsulation - IP/IEEE 802.2/IEEE 802.3 - (RFC 1042)
| Destination (48 bits) | Source (48 bits) | Data length (16 bits) | DSAP (8 bits) | SSAP (8 bits) | Ctrl (8 bits) | IP header | Data |
The IP header and data form the IP datagram.

The ISO 8802 standard is split into a number of parts:
- ISO 8802.1 defines the general organization of layers 1 and 2.
- ISO 8802.2 defines the higher part of layer 2, called LLC (LOGICAL LINK CONTROL), including a number of protocol types.

The "type" field in the Ethernet DIX V2 standard is used to detect the higher level protocol. Standard 802.3 replaces this field with a length field, defining the length of the information field. However, it is still possible for these two methods to co-exist on the same LAN since the maximum length is 1500 octets and protocol type codes are set to a higher value.
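The co-existence rule of the last paragraph in code, as an added example (not from the course): a receiver reads the 16-bit field after the source address and treats values above 1500 as a DIX type and values up to 1500 as an 802.3 length followed by the 802.2 LLC header (DSAP, SSAP, Ctrl). The MAC addresses are those of the ARP slide; the frames, the stand-in payload and the LLC SAP value used for IP in the test are constructed.

```python
# Added example (not from the Alcatel course): DIX V2 versus IEEE 802.3/802.2
# frames told apart by the type/length field.
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

ETHERTYPE_IP = 0x0800
MAX_802_3_LENGTH = 1500      # larger values in the 16-bit field are DIX types


@dataclass
class Frame:
    dst: str
    src: str
    encapsulation: str                      # "DIX V2" or "802.3/802.2"
    ethertype: Optional[int]                # DIX type field, None for 802.3
    llc: Optional[Tuple[int, int, int]]     # (DSAP, SSAP, Ctrl) for 802.3, else None
    payload: bytes                          # what is handed to the IP layer


def mac_str(b: bytes) -> str:
    return " ".join(f"{x:02X}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split())


def parse_frame(raw: bytes) -> Frame:
    if len(raw) < 14:
        raise ValueError("frame shorter than the 14-octet MAC header")
    dst, src, type_or_len = struct.unpack("!6s6sH", raw[:14])
    if type_or_len > MAX_802_3_LENGTH:
        # Ethernet DIX V2: the field identifies the higher level protocol
        return Frame(mac_str(dst), mac_str(src), "DIX V2", type_or_len, None, raw[14:])
    # IEEE 802.3: the field is the length of the information field, which
    # starts with the 802.2 LLC header (DSAP, SSAP, Ctrl)
    if type_or_len < 3 or len(raw) < 14 + type_or_len:
        raise ValueError("802.3 length field inconsistent with frame size")
    body = raw[14:14 + type_or_len]
    return Frame(mac_str(dst), mac_str(src), "802.3/802.2", None,
                 (body[0], body[1], body[2]), body[3:])


def dix_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def ieee_frame(dst: str, src: str, dsap: int, ssap: int, ctrl: int, payload: bytes) -> bytes:
    llc = bytes([dsap, ssap, ctrl])
    length = len(llc) + len(payload)
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", length) + llc + payload


def carries_ip(frame: Frame, ip_sap: int) -> bool:
    """DIX: type 0x0800. 802.3: the LLC SAP this receiver has configured for IP."""
    if frame.encapsulation == "DIX V2":
        return frame.ethertype == ETHERTYPE_IP
    return frame.llc is not None and frame.llc[0] == ip_sap
```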

ADDRESS RESOLUTION PROTOCOL (ARP)

(Figure: stations A and B and a router on the same LAN. A, IP(A) = 150.10.20.30, Eth(A) = 00 10 7B 38 52 EC, sends an ARP Request as a MAC broadcast for IP(B) = 150.10.20.31, Eth(B) = ?. B answers with an ARP Reply: Eth(B) = 080026235577.)

The IP network logical address facilitates end-to-end addressing on a virtual IP network. Local routing using successive approximation (physical network) is based on MAC layer physical addressing. It is therefore necessary to map the destination IP address (intermediate router to end user machine) to the MAC address of this recipient. On broadcast networks (that is, networks with a MAC broadcast address), the ARP protocol handles address resolution dynamically. It updates a table (ARP cache) mapping IP and MAC addresses. It is based on a two-frame interchange:
- request: sent by the IP machine with an IP packet to send to an IP machine whose MAC address it does not know; broadcast over the LAN (does not cross routers); contains the IP address to be mapped, among other information.
- reply: sent by a machine (recognizing its IP address in the request) to the machine making the request; contains the required MAC address.

By default, the time-to-live of a line in the ARP cache is limited to 30 seconds.

PROXY ADDRESS RESOLUTION PROTOCOL (ARP)

(Figure: station A, IP(A) = 150.10.20.30, Eth(A) = 00 10 7B 38 52 EC, sends an ARP Request as a MAC broadcast for IP(B) = 160.10.20.31, which is on another logical network, Eth(B) = ?. The router answers the ARP Reply with its own address, Eth(Router) = 00 00 0C 07 AC 01.)

If the IP recipient is not on the same logical network as the machine sending the request, the MAC address received is not that of the final recipient, but the address of a recipient on the LAN (that is, the gateway router providing access to the destination network). Since the gateway router replies instead of the recipient, the operation is called proxy ARP.
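The ARP and proxy ARP exchanges of the two slides as an added example (not the course's code): a cache with the 30-second line lifetime stated above, the broadcast request answered by the station that recognizes its IP address, and a router answering with its own MAC for an address outside the LAN's logical network. The station addresses are the slides'; the router's IP address 150.10.20.1, the injected clock and the LAN model are assumptions.

```python
# Added example (not from the Alcatel course): ARP cache, request/reply and proxy ARP.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ARP_CACHE_TTL = 30.0          # seconds, the default lifetime given in the text


@dataclass
class ArpFrame:
    op: str                   # "request" (MAC broadcast) or "reply" (unicast)
    sender_mac: str
    sender_ip: str
    target_ip: str
    target_mac: Optional[str] = None


class Host:
    def __init__(self, ip: str, mac: str):
        self.ip, self.mac = ip, mac
        self.cache: Dict[str, Tuple[str, float]] = {}   # ip -> (mac, time learnt)

    def lookup(self, ip: str, now: float) -> Optional[str]:
        entry = self.cache.get(ip)
        if entry is not None and now - entry[1] < ARP_CACHE_TTL:
            return entry[0]
        self.cache.pop(ip, None)                         # expired: drop the line
        return None

    def learn(self, ip: str, mac: str, now: float) -> None:
        self.cache[ip] = (mac, now)

    def handle(self, frame: ArpFrame, now: float) -> Optional[ArpFrame]:
        """Answer a request that carries our own IP address."""
        if frame.op == "request" and frame.target_ip == self.ip:
            self.learn(frame.sender_ip, frame.sender_mac, now)
            return ArpFrame("reply", self.mac, self.ip, frame.sender_ip, frame.sender_mac)
        return None


class Router(Host):
    """Proxy ARP: also answers, with its own MAC address, requests for
    addresses that are not on the LAN's logical network."""

    def __init__(self, ip: str, mac: str, local_network: str):
        super().__init__(ip, mac)
        self.local_network = ipaddress.IPv4Network(local_network)

    def handle(self, frame: ArpFrame, now: float) -> Optional[ArpFrame]:
        off_network = ipaddress.IPv4Address(frame.target_ip) not in self.local_network
        if frame.op == "request" and off_network:
            return ArpFrame("reply", self.mac, frame.target_ip, frame.sender_ip, frame.sender_mac)
        return super().handle(frame, now)


def resolve(sender: Host, target_ip: str, lan: List[Host], now: float) -> Optional[str]:
    """MAC address to use for target_ip: from the cache, or by a request
    broadcast to every station on the LAN (it does not cross routers)."""
    cached = sender.lookup(target_ip, now)
    if cached is not None:
        return cached
    request = ArpFrame("request", sender.mac, sender.ip, target_ip)
    for station in lan:
        if station is sender:
            continue
        reply = station.handle(request, now)
        if reply is not None:
            sender.learn(target_ip, reply.sender_mac, now)
            return reply.sender_mac
    return None                                          # nobody answered


# Constructed LAN: the two stations of the ARP slides plus the router.
STATION_A = Host("150.10.20.30", "00:10:7B:38:52:EC")
STATION_B = Host("150.10.20.31", "08:00:26:23:55:77")
ROUTER = Router("150.10.20.1", "00:00:0C:07:AC:01", "150.10.0.0/16")   # router IP assumed
LAN = [STATION_A, STATION_B, ROUTER]
```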


POINT-TO-POINT PROTOCOL

- PPP is a layer 2 protocol (HDLC type)
- Usable on a transparent circuit with synchronous or asynchronous transmission
- Basic functionalities: link configuration and link option negotiation; protocol multiplexing by encapsulation and identification; link quality testing and error detection; authentication; header compression; choice of CRC
- Incorporates sub-protocols: LCP (Link Control Protocol), IPCP (IP Control Protocol), NCP (Network Control Protocol)

Two protocols are used to implement IP in transparent mode on a serial link or PSTN/ISDN circuit. The historic standard is SLIP (Serial Line IP). This very simple method, limited to asynchronous serial transmission (low rate), is now practically obsolete. PPP is a much more complete protocol and can even be used for direct transmission on a very high rate SDH link. PPP fully defines line management (layers 1 and 2), the encapsulation method and higher level (layer 3) protocol management using the serial link as the layer 2 bearer. It incorporates three elements:
- Datagram encapsulation method.
- Link control protocol: LCP.
- Network control protocols: NCP (layer 3 management protocols), of which the IP control protocol is IPCP.

PPP AUTHENTICATION

PAP: Password Authentication Protocol, plain text password
CHAP: Challenge Handshake Authentication Protocol

(Figure: CHAP exchange between a PPP client and a PPP server. The server sends a random challenge; each side computes MD5 over its copy of the secret password and the challenge; the client sends the result as its reply; the server compares the value received with the value calculated (rcvd = calc) and answers OK or not OK.)

PPP incorporates identification and authentication mechanisms. Password Authentication Protocol (PAP) is used for simple identification by interchanging a password associated with a user name. However, the password is transmitted "in plain text", and the number of attempts is unlimited. The CHAP protocol is more effective. Challenge Handshake Authentication Protocol works on the principle of a "question of the day". Identification-authentication involves an encrypted interchange and only one attempt is permitted. In addition, the encrypted sequence is not permanent and copying it does not guarantee access. Each time the link is established, a new challenge is proposed. The PPP protocol also has a callback mechanism for guaranteeing security on switched access (for example, ISDN).
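The CHAP exchange of the figure as an added example (not the course's code), computed as RFC 1994 specifies: the response is MD5 over the identifier octet, the shared secret and the random challenge, so the secret never crosses the link, a captured response is useless against the next challenge, and each challenge allows a single attempt. The PAP function is included only to contrast the plain-text comparison; user names and secrets are constructed.

```python
# Added example (not from the Alcatel course): CHAP challenge/response with MD5,
# beside the PAP password comparison it replaces.
import hashlib
import hmac
import os
from typing import Dict


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Value computed on both sides: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = secrets          # user name -> shared secret (never transmitted)
        self.pending: Dict[int, bytes] = {}   # identifier -> challenge outstanding

    def challenge(self, identifier: int, length: int = 16) -> bytes:
        """A fresh random challenge for every link set-up."""
        value = os.urandom(length)
        self.pending[identifier] = value
        return value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """One attempt per challenge: the challenge is consumed whatever the result,
        so a replayed or guessed response cannot be retried against it."""
        challenge = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(response, expected)


def chap_client_reply(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: the reply sent over the link instead of the secret."""
    return chap_response(identifier, secret, challenge)


def pap_check(secrets: Dict[str, bytes], name: str, password: bytes) -> bool:
    """PAP, for contrast: the password itself travels over the link in clear
    and is compared directly; nothing limits the number of attempts."""
    return hmac.compare_digest(secrets.get(name, b""), password)
```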


IP OVER MULTIPOINT WAN : IP OVER X.25

(Figure: LAN 1, LAN 2 and LAN 3 are interconnected by routers R1, R2 and R3 across an X.25 network; each router has an X.121 address (@X121 R1, @X121 R2, @X121 R3). Protocol stack on the WAN side: IP over PLP X.25 over HDLC X.25; on the LAN side: IP over 802.2 over 802.3/5.)

Routing table: LAN1 --> @IP R1 Wan; LAN2 --> @IP R2 Wan
Address table: @IP R1 Wan --> @X121 R1; @IP R2 Wan --> @X121 R2
ARP table: @IP --> @MAC ...

Packet mode, X.25 and FR wide area networks are based on setting up virtual circuits either statically or dynamically. It is therefore necessary to implement a module for managing these circuits transparently for IP. Since broadcast mechanisms do not exist on these networks, it is not possible to dynamically load the ARP cache. For this reason, the link must be established manually between the IP address and either the X.121 address for an SVC (Switched Virtual Circuit), or the LCN (Logical Channel Number) for a PVC (Permanent Virtual Circuit). The use of X.25 for transporting IP datagrams incorporates a special feature. Encapsulation is used from layer 3 to layer 3. The IP datagram is encapsulated in an X.25 data packet which itself is encapsulated in an X.25 frame.

IP OVER MULTIPOINT WAN : IP OVER FR

(Figure: LAN 1, LAN 2 and LAN 3 interconnected across a Frame Relay network; each router-to-router circuit is identified at its two ends by a DLCI (DLCI R13 / DLCI R31, DLCI R23 / DLCI R32). Protocol stack on the WAN side: IP over Frame Relay; on the LAN side: IP over 802.2 over 802.3/5.)

Routing table: LAN1 --> @IP R1 Wan; LAN2 --> @IP R2 Wan
Address table: @IP R1 Wan --> DLCI R31; @IP R2 Wan --> DLCI R32
ARP table: @IP --> @MAC ...

The use of Frame Relay for IP transport has now replaced X.25. The same principle is used, except that to date Frame Relay is used in PVC mode only, and therefore setup/release phase management is not required for the virtual circuit. Mapping layer 3 and layer 2 addresses consists of associating the IP address of the remote router with a logical connection identifier, called the Data Link Connection Identifier (DLCI).

IP OVER MULTIPOINT WAN : IP OVER ATM

(Figure: LAN 1, LAN 2 and LAN 3 interconnected across an ATM network; each router-to-router circuit is identified at its two ends by a VPI/VCI pair (VPI/VCI R13 / VPI/VCI R31, VPI/VCI R23 / VPI/VCI R32). Protocol stack on the WAN side: IP over AAL/ATM; on the LAN side: IP over 802.2 over 802.3/5.)

Routing table: LAN1 --> @IP R1 Wan; LAN2 --> @IP R2 Wan
Address table: @IP R1 Wan --> VPI/VCI R31; @IP R2 Wan --> VPI/VCI R32
ARP table: @IP --> @MAC ...

The use of ATM for IP transport is at present mainly reserved for operator and very large business backbones. The operating principle is the same as for Frame Relay. ATM is also used in permanent virtual circuit mode, and the IP address of the remote router is mapped to the VPI-VCI (Virtual Path Identifier-Virtual Circuit Identifier) identifying the circuit.

IP bearers : The essential

True or False
1. IP packets are segmented into packets of 1500 bytes for delivery to the lower layer.
2. ARP allows an IP host to be found by knowing its MAC address.
3. PPP is a protocol at the same layer as Ethernet.
4. 2 LANs may be connected through the PSTN using PPP.
5. 2 PCs can be connected together by serial link, in order to make an IP network.
6. This local network can be connected to the Internet by linking one of the PCs by modem.
7. As IP can be placed above any type of physical network, it can be implemented in mobile networks.
8. An IP host may be a router, by only adding specific software.

Answers: False, False, True, True, True, True, True, True

Section 4 TCP/IP : TRANSPORT LAYER


APPLICATION-ORIENTED ADDRESSING

(Figure: Station A runs an Appli X client, an Appli Y server and an Appli Z server; Station B runs an Appli X server and an Appli Y client. Each station has a TCP - UDP layer over IP over the physical network (layers 1 and 2); each segment carries a source port and a destination port.)

- Port number: local identification of a communication
- Socket: association of an IP address and a port number
- Communication: association of server and client sockets, plus the transport type (TCP / UDP)

Layer 4 (transport) provides an end-to-end service between communicating applications (processes). In TCP/IP architecture, two transport protocols are used to perform this function. The transport service provided by Transmission Control Protocol (TCP: reliable transport mode) and User Datagram Protocol (UDP: non-assured transport mode for transactional traffic) is an addressing service for communication between two application processes. Any process wanting to communicate with a remote process is identified on the transport layer by a port number (encoded on 16 bits). A complete layer 4 address therefore incorporates two fields: IP address identifying the Host on the logical network, port number identifying the application within the host.

In TCP/IP terminology, this address is called a "socket". Each application process has an address of this type. Two processes therefore communicate by associating two sockets. An application stream (communication channel) between two processes is defined by: - local IP address, local port number, remote IP address, remote port number, type of transport. The "type of transport" field allows either TCP or UDP transport to be used for a given application.

WELL KNOWN PORTS

Services file

Number | Protocol Keyword | Service
20/tcp | ftp-data | File Transfer Protocol [Default Data]
21/tcp | ftp | File Transfer Protocol [Control]
23/tcp | telnet | Telnet
25/tcp | smtp | Simple Mail Transfer Protocol
53/udp | domain | Domain Name Server
67/udp | bootps | Bootstrap Protocol Server
68/udp | bootpc | Bootstrap Protocol Client
69/udp | tftp | Trivial File Transfer Protocol
79/tcp | finger | Finger
80/tcp | www-http | World Wide Web HTTP
88/udp | kerberos | Kerberos
109/tcp | pop2 | Post Office Protocol - Version 2
110/tcp | pop3 | Post Office Protocol - Version 3
111/udp | sunrpc | SUN Remote Procedure Call
161/udp | snmp | SNMP
162/udp | snmptrap | SNMP TRAP
512/tcp | exec | Remote Process Execution
513/tcp | login | Remote Login
520/udp | router | RIP

Port numbers can be assigned in three ways:
- port number specified in the code,
- port number read in a configuration file,
- port number assigned by the system.

The port number is assigned to the client when it requests a connection (TCP) or when it sends data (UDP). Some port numbers are reserved: they are used by standard application services such as ftp, telnet, etc. The application connection is always initiated by the client, and the server monitors the port representing the application. Two client-server relations cannot be confused since each session is assigned a port number dynamically (port mapper function), and the application address also consists of two data fields: the application port number (static) and the session port number (dynamic). Application port numbers known to the system are listed in the services file.

TRANSMISSION CONTROL PROTOCOL

- Connection-oriented mode, 3 phases: set-up, transfer, release
- Reliable transfer mode
- Fragmentation (octet stream)
- Guaranteed sequencing
- Error recovery (timer protection)
- Window flow control
- "Forced delivery" option: PSH flag
- "Urgent data" option: URG flag

Sequencing: The TCP layer is capable of fragmenting data it receives. Although the TCP service is a "continuous octet stream" service, TCP sequences the segments transmitted by allocating sequence numbers. The sequence number representing a volume of data is also used for acknowledgement purposes.

Error recovery: Since IP is by design not reliable, TCP must know how to detect loss of octets and recover this condition. Detection is based on a timed acknowledgement mechanism, and recovery is based on retransmission.

Flow control: The flow control mechanism in TCP is based on the use of an anticipation window. This window represents a volume of octets which the receiver is capable of receiving at a given time. The receiver therefore manages the window for the sender to which it is connected. Since transfer is full-duplex, the same independent mechanism is used at both ends (send and receive).

In the event of congestion, failure to update the window results in transfer termination, avoiding data loss. TCP uses a set of pointers for managing operating mechanisms.

TCP: CONNECTION SET-UP

(Figure: TCP client A and TCP server B exchanging segments across an IP network.)
A --> B: <SYN> Snd SEQ N: 3256
B --> A: <SYN> <ACK> Snd SEQ N: 2650, Ack SEQ N: 3257
A --> B: <ACK> Snd SEQ N: 3257, Ack SEQ N: 2651

Connection phase During this phase, the transport connection is set up between the two remote processes. Each end of the link initializes the connection using the SYN pointer. Each request is acknowledged by the ACK pointer and Seq N +1. This means that there are two logical connections between the two processes: one for each transmission direction, each set up on the send side. These two connections are totally independent (characteristics / parameters, use, etc).

TCP: DATA TRANSFER

(Figure: client application and server application, each above its TCP layer, across an IP network.)

Set-up:
  Client --> Server: SYN 3256
  Server --> Client: ACK 3257, SYN 2650
  Client --> Server: ACK 2651
Transfer:
  Client --> Server: PSH 3257, ACK 2651, lg=100
  Server --> Client: ACK 3357, PSH 2651, lg=500
  Client --> Server: ACK 3151
  Server --> Client: ACK 3357, PSH 3151, lg=200
  Server --> Client: ACK 3357, PSH 3351, lg=600
  Client --> Server: ACK 3951

Transfer phase During this phase, the two processes simultaneously interchange a bidirectional octet stream (TCP-PDU). For TCP, the unit of transfer is the segment. Each segment contains n octets of the N octets in the message sent by the application. TCP does not therefore provide a block transmission service. It provides a send/receive service for a linear stream of octets with no separator and no structure. The application process cannot force TCP to delimit the blocks it sends. The remote process must be capable of rebuilding the blocks received and therefore finding the block separators (applications!) in the linear stream of octets received from TCP. Information transfer by TCP is guaranteed in sequence, error free and with no losses. Transfer reliability is guaranteed by acknowledgement mechanisms, send/receive sequence numbers and the ACK pointer. A PUSH pointer forces delivery without waiting for a complete segment, such as transmission of a single character, and an URG pointer forces transmission even if the window is blocked for flow control purposes.

TCP: CONNECTION RELEASE

(Figure: TCP client A and TCP server B exchanging segments across an IP network.)
A --> B: <END> Snd SEQ N: 3357
B --> A: <END> <ACK> Snd SEQ N: 3951, Ack SEQ N: 3258
A --> B: <ACK> Snd SEQ N: 3258, Ack SEQ N: 3952

Disconnection phase This phase consists of two fully asynchronous sub-phases. TCP disconnection is secured insofar as it must be executed at both ends. In fact, there is a send disconnection for each TCP layer. This disconnection is acknowledged and any data not sent is sent before the disconnect TCP-PDU. On receiving a disconnect request, the TCP knows that the sender has no further data to send. The receiving TCP can continue to send. Disconnection is complete when TCP has sent its request. This type of disconnection is normal and guaranteed with no loss of data. The END pointer is used for disconnection. A sudden disconnection facility exists: Use of the RESET pointer (possible data loss).
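The three phases as an added example (not the course's code): a checker that replays the set-up, transfer and release slides with their sequence numbers and verifies each segment against the rules stated in the text (SYN and FIN each consume one sequence number, data consumes its length, an ACK names the next octet expected from the peer, and the connection is only closed once both ends' FINs are acknowledged). The release slide's 3258 is taken as 3358, the value the set-up and transfer numbers imply; flag names follow the segment format slide.

```python
# Added example (not from the Alcatel course): sequence/acknowledgement tracking
# for the set-up, transfer and release exchanges of the slides.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass
class Segment:
    src: str                          # "A" (client) or "B" (server)
    seq: int                          # send sequence number
    ack: Optional[int] = None         # acknowledgement number, valid with ACK flag
    flags: FrozenSet[str] = frozenset()
    length: int = 0                   # data octets carried ("lg" in the figure)


@dataclass
class Endpoint:
    isn: int                          # initial sequence number
    snd_nxt: int                      # next sequence number this end will use
    snd_una: Optional[int] = None     # highest acknowledgement received from the peer
    fin_sent: bool = False


class Connection:
    """Two independent sequence spaces, one per direction, as the text says."""

    def __init__(self, a_isn: int, b_isn: int):
        self.ends: Dict[str, Endpoint] = {"A": Endpoint(a_isn, a_isn),
                                          "B": Endpoint(b_isn, b_isn)}
        self.log: List[str] = []

    def send(self, seg: Segment) -> int:
        """Validate one segment in order and return the sender's next sequence number."""
        sender = self.ends[seg.src]
        peer = self.ends["B" if seg.src == "A" else "A"]
        if seg.seq != sender.snd_nxt:
            raise ValueError(f"{seg.src} sent seq {seg.seq}, expected {sender.snd_nxt}")
        if "ACK" in seg.flags:
            if seg.ack != peer.snd_nxt:
                raise ValueError(f"{seg.src} acknowledged {seg.ack}, peer's next is {peer.snd_nxt}")
            peer.snd_una = seg.ack
        # SYN and FIN each occupy one sequence number; data occupies its length
        sender.snd_nxt += seg.length + ("SYN" in seg.flags) + ("FIN" in seg.flags)
        sender.fin_sent = sender.fin_sent or "FIN" in seg.flags
        self.log.append(f"{seg.src}: {' '.join(sorted(seg.flags))} "
                        f"seq={seg.seq} ack={seg.ack} lg={seg.length}")
        return sender.snd_nxt

    def established(self) -> bool:
        """Both SYNs acknowledged: the two logical connections are open."""
        return all(e.snd_una is not None and e.snd_una > e.isn for e in self.ends.values())

    def closed(self) -> bool:
        """Both FINs sent and acknowledged: nothing left unacknowledged."""
        return all(e.fin_sent and e.snd_una == e.snd_nxt for e in self.ends.values())

    def data_sent(self, end: str) -> int:
        """Octets of application data sent by one end (sequence space minus SYN and FIN)."""
        e = self.ends[end]
        return e.snd_nxt - e.isn - 1 - (1 if e.fin_sent else 0)


def replay_figures() -> Connection:
    """Set-up, transfer and release with the numbers of the three slides."""
    c = Connection(a_isn=3256, b_isn=2650)
    ack, psh_ack, fin_ack = frozenset({"ACK"}), frozenset({"PSH", "ACK"}), frozenset({"FIN", "ACK"})
    c.send(Segment("A", 3256, flags=frozenset({"SYN"})))
    c.send(Segment("B", 2650, 3257, frozenset({"SYN", "ACK"})))
    c.send(Segment("A", 3257, 2651, ack))
    c.send(Segment("A", 3257, 2651, psh_ack, 100))
    c.send(Segment("B", 2651, 3357, psh_ack, 500))
    c.send(Segment("A", 3357, 3151, ack))
    c.send(Segment("B", 3151, 3357, psh_ack, 200))
    c.send(Segment("B", 3351, 3357, psh_ack, 600))
    c.send(Segment("A", 3357, 3951, ack))
    c.send(Segment("A", 3357, 3951, fin_ack))
    c.send(Segment("B", 3951, 3358, fin_ack))
    c.send(Segment("A", 3358, 3952, ack))
    return c
```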

TCP : FORMAT

(Figure: TCP segment layout, bits 0 to 31: SOURCE PORT N, DESTINATION PORT N; SEND SEQUENCE NUMBER; ACKNOWLEDGEMENT NUMBER; OFFSET, RESERVED, flags URG ACK PSH RST SYN FIN, WINDOW; CHECKSUM, URGENT POINTER; OPTIONS + PADDING. The TCP segment is carried in an IP packet inside a physical frame between the frame header and the CRC.)

SOURCE PORT : TCP port of the application sending the segment.
DESTINATION PORT : TCP port of the application receiving the segment.
SEQUENCE NUMBER : Sequence number of the TCP segment sent.
ACKNOWLEDGEMENT NUMBER : Acknowledgement number for the TCP segment sequence number.
OFFSET : Indicates the position of the data in the segment from the beginning of the header (expressed in number of 32-bit words).
CHECKSUM : TCP segment check, computed with a pseudo-header containing the source and destination IP addresses.
WINDOW : Number of octets which can be transmitted before acknowledgement.
URGENT POINTER : Segment contains urgent data (if URG = 1).
FLAGS :
  URG : Indicates presence of urgent data in the segment
  ACK : Acknowledgement number validation
  PSH : Indicates that data must be sent immediately (push)
  RST : Indicates a connection reset (connection break)
  SYN : Connection set-up
  FIN (END) : End of connection: release
OPTIONS : Allows interchange of optional information between modules (not used).

USER DATAGRAM PROTOCOL

- Connectionless mode transport protocol
- Transactional traffic oriented
- Also used by applications which have control over transmissions (eg.: tftp)
- In network terms, reduced overhead compared to TCP
- UDP packet checksums are calculated over a pseudo-header (UDP header plus the source and destination IP addresses; on the receive side these are the received IP source address and the local port)
- Used by NFS, BOOTP, TFTP, SNMP, RIP, ...
UDP protocol can be thought of as an empty layer offering a simple layer 4 addressing service. It does not improve the service provided by the IP layer. It provides a simultaneous bidirectional transport service in datagram mode (block-oriented). UDP protocol therefore has only one T-PDU: a data PDU! UDP provides the following service: creation of send or receive ports, receipt of T-PDU with data communication and the sender's socket reference (IP address, port number), data sending with processing of parameters forming the send and receive T-SAP (socket).

UDP : FORMAT

UDP header (two 32-bit words; bit positions 0, 7, 15 as in the figure):

  | SOURCE PORT N                   | DESTINATION PORT N           |
  | LENGTH                          | CHECKSUM                     |
  | DATA ...                                                       |

Encapsulation: Frame header | IP header | UDP segment | CRC
(the physical frame carries the IP packet, which carries the UDP segment)
SOURCE PORT : Port sending the datagram.

DESTINATION PORT : Port to receive the datagram.

LENGTH : Total length of the UDP packet.

CHECKSUM : UDP packet integrity check (checksum calculation is optional and a 0 value indicates that the checksum has not been calculated). Same checksum calculation method as in IP and TCP.

SOCKET INTERFACE

- Development interface for communication between remote processes
- The "socket" interface is derived from BSD UNIX 4.2. It generalizes interprocess communication and allows development of network-based client-server applications
- Sockets are used as interfaces with communication protocols
- Among other things, they allow a port N (application) to be associated with an IP address (host)
- They make TCP/IP protocols transparent to applications

Each application process using TCP/IP is identified by a data pair consisting of the machine's IP address and a local port number (relative to the machine). This reference is called the socket and therefore represents the programming interface for access to the Transport service in TCP/IP architecture. The reference consists of a set of primitives for accessing TCP and UDP transport services. The interface provides a resource for communication between Client and Server processes. The two processes can be running on the same machine or on two remote machines. A socket is a communication point with a domain, name and type.

- Domain: Specifies the type of protocol used:
  UNIX : process on the same UNIX machine.
  INET : remote processes communicating via TCP/IP protocol.
- Name: Defines the socket reference. The reference content varies according to the socket domain.
- Type: Determines the way in which data is routed. In the TCP/IP domain, there are three possible types: STREAM, DATAGRAM or RAW.
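The socket interface described above, as an added example on the loopback interface. This is my own code, not the course's: it uses the BSD-style calls exposed by Python's socket module, with domain AF_INET (the course's "INET"), type SOCK_STREAM for TCP and SOCK_DGRAM for UDP. Binding to port 0 asks the system for a free port, which is how client-side port numbers are normally assigned. The host address and messages are constructed.

```python
# Added example (not from the Alcatel course): one STREAM and one DATAGRAM
# exchange between two processes on the same machine, showing the socket
# reference (IP address, port) on each side. 127.0.0.1 and the messages are
# constructed values.
import socket
import threading

HOST = "127.0.0.1"


def tcp_echo_once(message: bytes) -> tuple:
    """One TCP exchange; returns (echoed data, client socket reference)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((HOST, 0))                    # name of the socket = (IP address, port)
    server.listen(1)                          # passive open: wait for a connection
    server_port = server.getsockname()[1]

    def serve():
        conn, _peer = server.accept()         # one connected socket per client
        with conn:
            conn.sendall(conn.recv(1024))

    worker = threading.Thread(target=serve)
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    with client:
        client.connect((HOST, server_port))   # active open towards the server socket
        client.sendall(message)
        echoed = client.recv(1024)
        client_ref = client.getsockname()     # (IP, port assigned by the system)
    worker.join()
    server.close()
    return echoed, client_ref


def udp_echo_once(message: bytes) -> tuple:
    """One UDP exchange; the server learns the sender's socket from recvfrom."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind((HOST, 0))
    server_port = server.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with server, client:
        client.sendto(message, (HOST, server_port))   # no connection: each datagram carries the address
        data, sender = server.recvfrom(1024)          # sender = (IP, port) of the client socket
        server.sendto(data, sender)
        reply, _ = client.recvfrom(1024)
    return reply, sender
```

A port number being associated with a process (the bound server socket) does not mean any connection exists yet, which is the distinction the quiz below draws.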

Transport layer : The essential

True or False
1. All the applications must use TCP or UDP to access the IP network. False
2. If an application is associated with a port number, it means that this application is connected to the Internet at this moment. False
3. The checksum on the TCP/UDP header also allows parts of the IP header to be verified. True
4. TCP is defined as reliable because it has 3 working steps: Establishment, Transfer, Release. False
5. A WEB server will always listen on its dedicated port (port 80); otherwise this server will not work at all. False
6. All TCP messages must be acknowledged. True
7. If UDP is used to send data, the transmission may become reliable by adding controls in the application layer part. True

Lower layers : The essential

Complete the following protocol stack:

  Applications          Ping, traceroute, ...          Application protocols
  Sockets (Port + @IP)
  TCP (Reliability, Robust)        UDP (Speed, Simple)
  ICMP                  IP (Routing)
  Interfaces            Ethernet+ARP    PPP/SLIP    AAL5    Gateway
  Networks              LAN             RTC (PSTN)  ATM     X25


Section 5 TCP/IP : APPLICATIONS


NAME SERVICE

The user manipulates server names and the network manipulates a server IP address.
Problems:
- Finding an IP address based on a host name
- More than one type of name:
  TCP/IP name: standard, used by applications such as http, ftp, smtp, snmp, ...
  Netbios name: Windows/Microsoft name, used by Netbios applications (SMB sharing, ...)


NAME-IP ADDRESS RESOLUTION

"Static" resolution
- hosts (standard) or lmhosts (Netbios) file, for example:
  150.10.20.30 Mon_Host
  150.10.20.31 Ton_Host
"Dynamic" resolution
- DNS : Standard TCP/IP name resolution, replaces the hosts file
- WINS : Netbios resolution, replaces broadcasts and the lmhosts file

DNS (Domain Name Service) is a standard protocol for resolving (symbolic) machine names into logical IP addresses (used by communication protocols). It is especially designed for large TCP/IP networks (DNS is used on the Internet). Historically, TCP/IP users specified the IP addresses of the corresponding applications directly. These addresses were then replaced locally by host names using a hosts file. Nowadays, DHCP servers have a facility for managing the hosts file.

DNS RESOLUTION

History
- Impossible to load a hosts file into all Internet stations
- Domain Name Service standardized by RFC
Principle
- Names organized hierarchically in a Domain Name Tree
- Simple request / response interchange protocol
- Uses UDP and TCP
- Cooperation between servers forming a network

For very large networks, maintaining local "mapping" files soon became impossible. Initially, for the Internet, the NIC had a file with all existing (name, IP address) pairs which stations could download via ftp. These mechanisms were superseded by a network of DNS servers. The DNS system is therefore both a system for naming machines in a TCP/IP network and an address resolution protocol (mapping machine names and IP addresses).

DOMAIN NAME TREE

  . (root)
  |-- ru  -- alcatel -- mow      www.mow.alcatel.ru
  |-- com -- alcatel -- usa      www.usa.alcatel.com
  |-- fr  -- alcatel -- europe   www.europe.alcatel.fr
  `-- jp  -- co      -- alcatel  www.alcatel.co.jp

DNS is based on the concept of a naming hierarchy which involves partitioning the naming space and arranging it as a tree. A machine name will therefore be complex and referenced relative to the location of the machine on the tree. This type of name breakdown and mapping administration (name, IP address) is similar to the hierarchical organization in a large company with divisions split into departments which in turn are divided into sections. Each manager on each hierarchical level has a degree of authority and autonomy within his or her domain. DNS is based on this principle and a machine name becomes:
- hostname.sub_domain. ... .root_domain
where:
- hostname : machine name (lowest level),
- sub_domain : intermediate administration subdomain,
- root_domain : highest administration domain (on the tree).

TOP LEVEL DOMAINS ON THE INTERNET

Open to all
- Com : Commercial (highest demand!)
- Edu : universities
- Net : network domain companies
- Org : miscellaneous organizations
- Int : international (little used)
Reserved for United States
- Gov : American government
- Mil : American military
Country (ISO naming)
- Fr : France
- Uk : United Kingdom
- Ru : Russia
And also
- Firm : Business (to alleviate .com)
- Shop : Trader
- Web : Company working for the Web
- Arts : Culture and events
- Rec : Recreation and leisure
- Info : Content editors, media
- Nom : Personal home pages
Each name (except on the lowest level) represents a DNS domain which forms an autonomous administration and management entity over which an administrator has authority and therefore manages internal mapping (name, IP address). Internet naming is based on the principles above. Root domain names are listed below:
- edu : Universities and schools,
- gov : Government agencies,
- com : Businesses,
- mil : Military administrations,
- fr, us : Countries (France, United States).
Note: The example is incomplete and does not show the full extent of the current name space on the Internet. The hierarchy has no specific root. On the Internet, the NIC (AFNIC in France) is the authority managing subdomain assignment. The tree structure is independent of physical network structure.

RECURSIVE SEARCH

Figure: recursive resolution of www.europe.alcatel.fr.
- 1: the client asks its name server for www.europe.alcatel.fr.
- 2-3: the name server queries the Root servers (".").
- 4-5: it is then referred down the tree (com / fr, then alcatel, then europe).
- Answer returned to the client: www : 198.64.191.11
Name / address translation is handled by name servers which cooperate and respond to requests sent by client programs called name solvers (resolvers). At design level, each domain has a name server which resolves domain internal mapping by cooperating with adjacent name servers (higher or lower level). The name solver generates a request specifying the machine name (full name) and the type of resolution required (recursive or non-recursive). For non-recursive resolution, the name server returns a list of servers to be contacted; in this case, the name solver (client) contacts another name server itself.

For system security (in the event of failures), the name server (primary server) function is duplicated in one or more secondary name servers. On initialization and then at regular intervals (programmable period), each secondary name server downloads the domain's local mapping database from the primary server. Each name solver must know of the existence of these secondary servers and be capable of switching over to a secondary server if the primary server does not respond.

FORWARDER TYPE SEARCH

Figure: server A is configured with server B as its forwarder.
- 1: the client asks A: www.europe.alcatel.fr ?
- 2-4: Server A extends the request to B, which resolves it and returns the answer through A.
- If server B fails, A executes a recursive search itself.

If there is no local translation function, the server uses the procedure below:
- for recursive resolution: the name server contacts other name servers and returns a response (positive or negative) to the client name solver.
- for non-recursive resolution: the server returns a list of name servers likely to know the name-IP address mapping. The client name solver then sends the request to another name server.

Note: This mechanism means that all clients must know at least one name server and that all name servers know at least one other server.

Performance: A cache mechanism exists in each name server. It stores previous mappings for names outside the domain (local mappings are in the database). Each entry stored contains a TTL (Time to live). The cache is therefore regularly refreshed. Some name solvers keep their own list of translations already executed. In this case, a request from a user program can be resolved without sending a request (network) to a server.
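The resolution chain described in this section (hosts file first, recursive and non-recursive search down the domain tree, a forwarder with fall-back to a recursive search, and a cache whose entries expire with their TTL), as an added in-memory model. This is my own code, not the course's and not a real DNS implementation: the zone contents, server names, hosts-file lines and the 60-second TTL are constructed; the address 198.64.191.11 for www.europe.alcatel.fr is the one in the course figure.

```python
# Added example (not from the Alcatel course): an in-memory model of DNS
# resolution. Zones, servers, the hosts file and the TTL are constructed;
# 198.64.191.11 is the address shown in the course figure.
import time

HOSTS_FILE = """\
# constructed hosts file, same layout as the course's static-resolution example
150.10.20.30 Mon_Host
150.10.20.31 Ton_Host
"""


def parse_hosts(text: str) -> dict:
    """'Static' resolution: (name -> IP) pairs from a hosts file."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower()] = fields[0]
    return table


class NameServer:
    """Authoritative for one zone; knows the servers of the zones below it."""

    def __init__(self, zone, records=None, delegations=None, forwarder=None, ttl=60):
        self.zone = zone                        # "" for the root
        self.records = records or {}            # local mapping database (name -> IP)
        self.delegations = delegations or {}    # child zone -> NameServer
        self.forwarder = forwarder              # server asked first, if configured
        self.ttl = ttl
        self.cache = {}                         # name -> (IP, expiry) for names outside the zone

    def query(self, name, recursive=True, now=None):
        """Returns ('answer', ip), ('referral', server) or ('nxdomain', None)."""
        now = time.monotonic() if now is None else now
        if name in self.records:
            return "answer", self.records[name]
        hit = self.cache.get(name)
        if hit and hit[1] > now:                # cached and TTL not yet expired
            return "answer", hit[0]
        if self.forwarder is not None:
            try:
                return self._remember(name, now, self.forwarder.query(name, True, now))
            except TimeoutError:
                pass                            # forwarder failed: recursive search below
        for child, server in self.delegations.items():
            if name == child or name.endswith("." + child):
                if not recursive:
                    return "referral", server   # the client must contact it itself
                return self._remember(name, now, server.query(name, True, now))
        return "nxdomain", None

    def _remember(self, name, now, reply):
        if reply[0] == "answer":
            self.cache[name] = (reply[1], now + self.ttl)
        return reply


class DeadServer(NameServer):
    """A forwarder that never responds (models the 'server B fails' case)."""

    def query(self, name, recursive=True, now=None):
        raise TimeoutError(self.zone)


def resolve(name, hosts, server, recursive=True):
    """Name solver: hosts file first, then the configured name server,
    following referrals itself when the search is non-recursive."""
    name = name.lower()
    if name in hosts:
        return hosts[name]
    while True:
        kind, value = server.query(name, recursive)
        if kind == "referral":
            server = value
            continue
        return value                            # IP address, or None for nxdomain


def build_tree(forwarder=None):
    """Constructed zones following the course's domain name tree (fr branch)."""
    europe = NameServer("europe.alcatel.fr", {"www.europe.alcatel.fr": "198.64.191.11"})
    alcatel = NameServer("alcatel.fr", delegations={"europe.alcatel.fr": europe})
    fr = NameServer("fr", delegations={"alcatel.fr": alcatel})
    return NameServer("", delegations={"fr": fr}, forwarder=forwarder)
```

The TTL check is the part worth noticing for operations: once the cache entry expires, the server goes back to the delegation chain, so a stale or wrong cached mapping can only persist for one TTL.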

FTP

Figure: FTP client ("ftp>" prompt, local ports x and y) and FTP server (ports 21 and 20), each above a TCP/IP stack.
- Control connection, port 21: file transfer initialization and parameters; activation of remote commands.
- Data connection, port 20: information transfer (files, results, ...).
The FTP application satisfies the client-server model by allowing access to the remote files, regardless of the OS run by each system. FTP facilitates: creation, deletion, renaming of remote files/directories, two-way transfer of ASCII, binary or EBCDIC files, navigation through the remote file management system, with directory content display, file transfer between two remote hosts, controlled by the local host, writing local macrocommands, with parameter transfer and limited loops, a condensed file name list using special characters, file name character substitution for non-UNIX remote machines using a different syntax, and complex pattern substitutions in the names of files transferred.

FTP : EXAMPLE OF DIALOGUE

Client (150.10.20.30) / Server (150.10.20.31)

Connection:
  C: ftp serveur
  Control connection set up to server port 21
  S: 220 Server ready
  C: USER username
  S: 331 Password required
  C: PASS password
  S: 230 User username logged in
TYPE / STRU / MODE:
  C: ascii, binary, mode, ...
  S: 220 Commands successful
  C: PORT 150,10,20,30,4,45
  S: 200 Port Command successful
Transfer:
  C: ls, dir, get, put (sent as LIST, RETR, STOR)
  Data connection set up to client port 1069
  S: 150 ASCII data connection for /bin/ls
  List, file requested ........
  Data connection closure on port 1069
  S: 226 ASCII transfer complete
Disconnection:
  C: bye, quit (sent as QUIT)
  S: 221 Goodbye ...
  Control connection closure
FTP requires two connections: A control connection (always using port 21 on the server) for commands and responses controlling the transfer. A data connection (always using port 20 on the FTP server) for interchanging the data. A data connection is opened, used then closed for each file transfer.

Each local reference on the client side consists of a port number dynamically assigned by the system. Interchanges on the control connection define the nature of the transfer or service requested. They include identification information as well as requests and error messages. The data connection is normally set up by the server when information transfer is about to start. In practice, the accepting port is always provided for the data connection initiator via the control connection: either by the client in a special command (PORT...) sent to the server before initiating transfer, or by the server in response to a command asking it to wait for data connection receipt.

FTP transfer can be protected by login mechanisms, user_name, password. Similarly, it is possible to restrict the client to a home_directory with read-only access, for example.

FTP : USER COMMANDS

- FTP user commands depend on implementations
- Commands are executed either locally or in the remote machine. Example: lcd : change local directory; cd : change remote directory
- Some commands are redundant. Example: bye and quit, get and recv, put and send, etc

append, ascii, bell, binary, bye, cd, close, delete, debug, dir, form, get, hash, glob,
help, lcd, ls, mdelete, mdir, mget, mkdir, mls, mode, mput, open, prompt, put, pwd,
quit, quote, recv, remotehelp, rename, rmdir, send, sendport, status, struct, tenex, trace, ?, !
Responses sent by the ftp server consist of a decimal digit triplet, followed by a space character then a comment not defined by the protocol. The three digits in the triplet each have a particular meaning. The first digit defines the response category:
- 1yz introduces a preliminary response (before command execution),
- 2yz introduces a positive termination response,
- 3yz introduces a positive intermediate response,
- 4yz introduces a negative termination response due to a phenomenon which is probably temporary, which means that a positive response is likely if the command is repeated,
- 5yz introduces a negative termination response which is probably conclusive (pointless repeating the command).

The second digit defines the domain to which the response relates:
- x0z indicates a response concerning the syntax,
- x1z indicates a response concerning general information,
- x2z indicates a response concerning connection set-up / release,
- x3z indicates a response concerning identification / authentication,
- x4z is unspecified,
- x5z denotes a response concerning file management.

The third digit identifies each response with the same categories and domains.
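Two control-connection details from the FTP pages above, the PORT argument of the dialogue (150,10,20,30,4,45 addressing client port 1069) and the reply-code rules just described, as an added worked example. This is my own code, not the course's or any FTP implementation: it encodes and decodes the PORT argument, adds the server-side check that the announced data address matches the control-connection peer, classifies reply lines by category and domain, and reads a multi-line reply ("nnn-" continuing until "nnn "). The sample lines are those of the course dialogue.

```python
# Added example (not from the Alcatel course): FTP PORT argument and reply
# code handling. Category/domain tables follow the rules in the text above;
# sample lines are taken from the course dialogue.
import re

CATEGORY = {"1": "positive preliminary", "2": "positive completion",
            "3": "positive intermediate", "4": "transient negative, retry later",
            "5": "permanent negative, do not retry"}
DOMAIN = {"0": "syntax", "1": "information", "2": "connection",
          "3": "authentication", "4": "unspecified", "5": "file system"}

_REPLY = re.compile(r"^(\d)(\d)(\d)([ -])(.*)$")


def parse_port_argument(arg: str) -> tuple:
    """'h1,h2,h3,h4,p1,p2' -> (dotted IP, p1*256 + p2)."""
    fields = [int(x) for x in arg.split(",")]
    if len(fields) != 6 or not all(0 <= f <= 255 for f in fields):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def format_port_argument(ip: str, port: int) -> str:
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def port_argument_matches_peer(arg: str, peer_ip: str) -> bool:
    """Server-side sanity check: the data connection should go back to the
    host that owns the control connection."""
    return parse_port_argument(arg)[0] == peer_ip


def classify_reply(line: str) -> dict:
    """Decode one reply line by its first two digits."""
    m = _REPLY.match(line)
    if not m:
        raise ValueError("not an FTP reply line: %r" % line)
    c, d, z, sep, text = m.groups()
    return {"code": int(c + d + z), "category": CATEGORY[c], "domain": DOMAIN[d],
            "success": c in "123", "retry": c == "4",
            "last_line": sep == " ", "text": text}


def read_reply(lines) -> tuple:
    """Consume one reply from an iterable of lines; 'nnn-' opens a multi-line
    reply that ends at the first line starting with 'nnn '."""
    it = iter(lines)
    first = next(it)
    code, sep = first[:3], first[3:4]
    text = [first[4:]]
    if sep == "-":
        for line in it:
            if line.startswith(code + " "):
                text.append(line[4:])
                break
            text.append(line[4:] if line.startswith(code + "-") else line)
    return int(code), "\n".join(text)
```

A client that only looks at the first digit (1, 2, 3 = carry on; 4 = retry later; 5 = give up) already handles most of the protocol correctly; the multi-line form matters because a banner such as "220-" must be read to its last line before the next command is sent.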

WORLD WIDE WEB

Figure: Web Browser <-- HTTP protocol --> Web Server

URL : Uniform Resource Locator
  Protocol://Server-Name:Port/Resource
  http://www.estnet.ee/mart/rfc/index.html
HTML page interpreted by a Browser, containing:
- ASCII text describing the page display (tags, text)
- Pictures in gif or jpeg format
- Hypertext links to other pages or URLs
- Javascript or VB scripts run on the client
- Java Applets or Active X controls run by the client

SECURE SOCKET LAYER

Handshake (figure):
  1. Client -> Server : ClientHello
  2. Server -> Client : ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone
  3. Client -> Server : Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec
  4. Data Exchange (both directions)

1: Client sends a "hello" message to the target server
2: Server returns a digital certificate containing the server's public key
3: Client generates a random session key and returns the key encrypted using the server's public key
4: Once the secured protocol has been established, all documents are sent encrypted symmetrically in both directions (RC4)
SSL is an intermediate layer between TCP/IP and its applications. It is independent of the application protocol and provides a set of APIs for applications.

Security:
- The connection is private: creation of a protected channel between client and server.
- Terminal identities can be authenticated.
- The connection is safe (against alteration, modification).

SSL components:
- Key generator and hash functions.
- Negotiation and session management protocols.
- X.509 format certificates.
- Error report.

Encryption algorithms:
- RC4 : 40-bit symmetric encryption.
- MD5 : Integrity.
- DSS : Signature, 512 bits.

Various protocols for:
- Negotiating security parameters.
- Mutual authentication (TLS).
- Instantiation of negotiated security parameters.

SSL uses reserved IANA ports: https (HTTP with SSL, port 443), snews (NNTP with SSL, port 563), ssmtp (SMTP with SSL, port 465), ssl-ldap (port 636), spop3 (96).
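The parameter negotiation described above is what a client's SSL/TLS context controls today. As an added example, and not code from the course, here is how a client-side context is configured and inspected with Python's ssl module so that it requires the server certificate, checks the hostname and will not negotiate the 40-bit RC4 / MD5 combinations the course lists (those are no longer offered by current libraries). Nothing is sent on the network; only the context is examined. The marker list and the report format are my own choices.

```python
# Added example (not from the Alcatel course): inspecting a client TLS context
# with Python's ssl module. WEAK_MARKERS and the report layout are my own
# choices; no connection is made.
import ssl

MIN_VERSION = ssl.TLSVersion.TLSv1_2
# Cipher-suite name fragments a client should never accept
WEAK_MARKERS = ("RC4", "MD5", "NULL", "EXPORT")


def make_client_context() -> ssl.SSLContext:
    """Server certificate required, hostname checked, TLS 1.2 or later."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = MIN_VERSION
    ctx.check_hostname = True              # certificate must name the server contacted
    ctx.verify_mode = ssl.CERT_REQUIRED    # step 2 of the handshake is verified, not just received
    return ctx


def weak_ciphers(ctx: ssl.SSLContext) -> list:
    """Enabled suites whose name mentions RC4, MD5, a NULL cipher or export grade."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(marker in c["name"].upper() for marker in WEAK_MARKERS)]


def context_report(ctx: ssl.SSLContext) -> dict:
    """Summary a reviewer can check before the context is used by an application."""
    return {"verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname,
            "minimum_version": ctx.minimum_version,
            "weak_ciphers": weak_ciphers(ctx)}
```

The same three settings (certificate required, hostname checked, minimum version) are the ones to look for when reviewing any application that wraps its sockets in SSL, whichever library it uses.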
ELECTRONIC MESSAGING : E-MAIL

Figure: message sent by albert.dupont@aile.com to jacques.dupond@alcatel.fr.
  A. Dupont's POP server in domain aile.com --SMTP--> ... --SMTP--> Jacques Dupond's IMAP server in domain alcatel.fr --IMAP--> Mail received from albert.dupont@aile.com

SMTP protocol (Simple Mail Transfer Protocol) is extremely widely used for exchanging interpersonal mail over a TCP/IP network. In contrast to OSI, SMTP incorporates no sophisticated presentation concepts or powerful retry mechanisms. In common with the main TCP/IP architecture applications, SMTP is based on simplicity and pragmatism. The main SMTP RFCs are: RFC 821 for the protocol, RFC 822 for mail message format and RFC 974 for the message routing method.

The main terms used in SMTP are explained below:
- Command : Request sent by the client SMTP.
- Domain : Hierarchically structured address of a host in the messaging system.
- Mailbox : Sequence of characters of any length denoting a user. The standard naming rule stipulates that an address consists of two fields, "user" and "domain", separated by the "address" character: @
- Response : Command positive or negative acknowledgement. SMTP responses follow exactly the same rules as FTP responses and consist of a three-character code followed by an additional information field for human operators rather than automated processes. eg : "220 Hello, this is the SMTP flag".

SMTP : EXAMPLE OF DIALOGUE

SMTP Client (C) / SMTP Server (S)

Connection:
  C: TCP connection set-up to server port 25
  S: 220 Server ready
Synchronization:
  C: HELO (SMTP client name)
  S: 250 Server SMTP OK
Identity of Sender and Recipient(s):
  C: MAIL FROM username
  S: 250 Sender Ok
  C: RCPT TO username1
  S: 250 Recipient Ok
  C: RCPT TO username2
  S: 550 User unknown
Message transfer:
  C: DATA
  S: 354 Enter mail; end with <CRLF>.<CRLF>
  C: Message ... <CRLF>.<CRLF>
  S: 250 Mail accepted
Disconnection:
  C: QUIT
  S: 221 Service closing transmission channel
  TCP connection release

SMTP operates on a single TCP connection initialized by the user client. SMTP acts both as a UA (User Agent) and MTA (Message Transfer Agent) in terms of OSI messaging. However, in SMTP the transfer is always initiated by the sender. This means that, under normal circumstances, a connection from SMTP client to SMTP server to receive mail is never set up. Interchanges are based on a very simple principle:
1. Set up the TCP connection.
2. Synchronize the two SMTPs.
3. Specify the sender's identity.
4. Specify recipient identity or identities.
5. Send the message.
6. Terminate the connection.

Note: It is so easy to attach a file to an e-mail message that nowadays many servers become saturated with large attached files, impeding their primary function.
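The six-step exchange above, as an added example in the form of a small server-side state machine that produces the replies of the course dialogue. This is my own code, not the course's or any mail server's: it runs entirely in memory on a list of client lines, accepts only the commands of the dialogue, rejects an unknown recipient with 550 while keeping the other recipients, refuses DATA when no recipient was accepted, and handles the end-of-message marker and leading-dot lines. The mailbox table and message are constructed.

```python
# Added example (not from the Alcatel course): an in-memory SMTP receiver
# state machine reproducing the dialogue of the text. Mailboxes, greeting
# text and client lines are constructed.
LOCAL_MAILBOXES = {"jacques.dupond@alcatel.fr"}


def _address(arg: str) -> str:
    """'FROM:<user@dom>' or 'TO user@dom' -> 'user@dom'."""
    value = arg.partition(":")[2] if ":" in arg else arg.split()[-1]
    return value.strip(" <>").lower()


class SmtpReceiver:
    def __init__(self, mailboxes=LOCAL_MAILBOXES):
        self.mailboxes = mailboxes
        self.state = "connected"          # connected -> greeted -> mail -> rcpt -> data
        self.sender, self.recipients, self.body = None, [], []
        self.delivered = []               # (sender, recipients, text) per accepted message

    def greeting(self) -> str:
        return "220 Server ready"

    def handle(self, line: str) -> str:
        """Process one client line; returns the reply ('' for lines inside DATA)."""
        if self.state == "data":
            if line == ".":                                  # <CRLF>.<CRLF> ends the message
                self.delivered.append((self.sender, self.recipients, "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                self.state = "greeted"
                return "250 Mail accepted"
            self.body.append(line[1:] if line.startswith("..") else line)   # undo dot-stuffing
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.state = "greeted"
            return "250 Server SMTP OK"
        if verb == "MAIL":
            if self.state != "greeted":
                return "503 Bad sequence of commands"
            self.sender, self.state = _address(arg), "mail"
            return "250 Sender Ok"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"
            addr = _address(arg)
            if addr not in self.mailboxes:
                return "550 User unknown"                    # other recipients stay valid
            self.recipients.append(addr)
            self.state = "rcpt"
            return "250 Recipient Ok"
        if verb == "DATA":
            if self.state != "rcpt":                         # no accepted recipient yet
                return "503 Bad sequence of commands"
            self.state = "data"
            return "354 Enter mail; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            self.state = "closed"
            return "221 Service closing transmission channel"
        return "500 Syntax error, command unrecognized"


def run_dialogue(client_lines, mailboxes=LOCAL_MAILBOXES) -> tuple:
    """Feed the client's lines to a receiver; returns (replies, delivered messages)."""
    server = SmtpReceiver(mailboxes)
    replies = [server.greeting()]
    for line in client_lines:
        reply = server.handle(line)
        if reply:
            replies.append(reply)
    return replies, server.delivered
```

The state checks are the interesting part for a reviewer: a receiver that accepted DATA without a valid RCPT, or MAIL before HELO, would be relying on the client to behave, which the protocol does not guarantee.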

TELNET

Figure: telnet Client and Server, each above a TCP/IP stack; the server listens on port 23.

Client session:
  $ telnet server
  $ login : My_name
  $ password :

- Characters typed on the keyboard are sent to the telnet server
- All characters received from the server are displayed
- All characters displayed are received from the server
The TELNET (Telecommunication Network) protocol is in fact a combination of two completely different concepts which are often confused: TELNET is first and foremost a virtual presentation standard for communication between two processes on any two machines (not necessarily UNIX). It provides two basic services:
- firstly, a virtual terminal (NVT, Network Virtual Terminal) comprising in particular minimal presentation common to all machines implementing TELNET;
- secondly, a set of PDUs allowing two cooperating processes to negotiate miscellaneous options.

TELNET is also the name frequently given to the application used by a terminal (or process) for accessing the operating system of another machine. In this case, login, identification and authentication procedures are used. These concepts are associated with each machine and are not therefore defined in the TELNET standard.

NVT presentation. TELNET is normally used between a real terminal and an application process. However, it can be used between two terminals or two processes. In any case, the process or processes are responsible for adapting the actual presentation used locally to the NVT virtual presentation. It is also possible, using negotiation PDUs, to change all or some of the NVT presentation rules. However, changes must be implemented by common agreement and any implementation must know how to manage standard NVT presentations.

TELNET : OPTION NEGOTIATION

Server Telnet : Cisco Router / Client Telnet : PC

  TCP connection
  Server -> Client : IAC WILL ECHO
                     IAC WILL SUPPRESS-GO-AHEAD
                     IAC DO TERMINAL_TYPE
                     IAC DO NAWS (Negotiate About Window Size)
  Client -> Server : IAC DO ECHO (OK to negotiate)
                     IAC DO SUPPRESS-GO-AHEAD
                     IAC WILL TERMINAL_TYPE
                     IAC WONT NAWS (Negotiate About Window Size)
  Server -> Client : Terminal Type option negotiation request
  Client -> Server : IAC SB (Start of Subnegotiation Parameters) DATA : ANSI IAC SE (End of Subnegotiation Parameters)
  Server -> Client : TELNET DATA : Cisco>
TELNET provides an option negotiation mechanism so that processes can negotiate some options. There are two types of option:
- options whose implementation or non-implementation is sufficient in itself (for example, the echo option). These options are negotiated using the WILL, WONT, DO, DONT PDUs.
- options whose implementation requires additional information (for example, actual terminal_type indication). In this case, SB and SE PDUs are used. However, the PDUs above must have been used beforehand to negotiate the implementation of such options.
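The negotiation PDUs just described, as an added example: a decoder that separates the WILL/WONT/DO/DONT commands, SB ... SE subnegotiations and ordinary data in a raw TELNET byte stream, and a small responder that answers a peer's DO or WILL from a configured option set (the PC client of the figure answers WILL TERMINAL_TYPE but WONT NAWS). This is my own code, not the course's or any telnet implementation. The command bytes (IAC 255, SB 250, SE 240, WILL 251, WONT 252, DO 253, DONT 254) and option numbers (ECHO 1, SUPPRESS-GO-AHEAD 3, TERMINAL-TYPE 24, NAWS 31) are the standard TELNET assignments; the sample stream is constructed.

```python
# Added example (not from the Alcatel course): decoding and answering TELNET
# option negotiation. Byte values are the standard TELNET assignments; the
# stream fed in by the caller is constructed.
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254
COMMANDS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL_TYPE", 31: "NAWS"}


def parse_stream(buf: bytes) -> list:
    """Split a TELNET byte stream into ('data', bytes), ('cmd', name, option)
    and ('sub', option, payload) items. IAC IAC is one data octet 255."""
    items, data, i = [], bytearray(), 0

    def flush():
        if data:
            items.append(("data", bytes(data)))
            data.clear()

    while i < len(buf):
        if buf[i] != IAC:
            data.append(buf[i])
            i += 1
            continue
        if i + 1 >= len(buf):
            break                                     # truncated command: wait for more bytes
        cmd = buf[i + 1]
        if cmd == IAC:
            data.append(IAC)                          # escaped data byte
            i += 2
            continue
        flush()
        if cmd in COMMANDS:
            if i + 2 >= len(buf):
                break
            opt = buf[i + 2]
            items.append(("cmd", COMMANDS[cmd], OPTIONS.get(opt, opt)))
            i += 3
        elif cmd == SB:
            end = buf.find(bytes([IAC, SE]), i + 2)
            if end < 0 or i + 2 >= len(buf):
                break                                 # subnegotiation not complete yet
            opt = buf[i + 2]
            items.append(("sub", OPTIONS.get(opt, opt), bytes(buf[i + 3:end])))
            i = end + 2
        else:
            items.append(("cmd", "command %d" % cmd, None))   # NOP, GA, ... (no option byte)
            i += 2
    flush()
    return items


def answer(peer_cmd: str, option: str, supported=frozenset(), allowed=frozenset()):
    """Reply to a peer's request: its WILL is answered DO/DONT (may it enable
    the option?), its DO is answered WILL/WONT (do we implement it?)."""
    if peer_cmd == "WILL":
        return "DO" if option in allowed else "DONT"
    if peer_cmd == "DO":
        return "WILL" if option in supported else "WONT"
    return None                                       # WONT/DONT are refusals: no reply


def encode(cmd_name: str, option_name: str) -> bytes:
    cmd = {v: k for k, v in COMMANDS.items()}[cmd_name]
    opt = {v: k for k, v in OPTIONS.items()}[option_name]
    return bytes([IAC, cmd, opt])
```

Keeping the negotiation state per option (requested, agreed, refused) is what prevents the two sides from looping on WILL/DO; the responder above answers each request exactly once and never replies to a refusal.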

TFTP

Trivial File Transfer Protocol - RFC 1350
- TFTP is a file transfer protocol based on connectionless mode transport (UDP port 69).
- TFTP is used to transfer files in ASCII and BINARY mode.
- TFTP provides limited security (no user identification) and for this reason its use must be limited.
- TFTP protocol is based on five packet types. Each packet sent from client to server must be acknowledged.
- TFTP is sometimes used for downloading configurations over the network (terminal server, X terminals, router, etc).
TFTP protocol (Trivial File Transfer Protocol) is a basic file transfer application. It complies with a client-server model for single file transfer between two machines using UDP transport protocol. It is very simple to implement, very economic in terms of disk, ROM and CPU resources, and particularly suited to downloading diskless machines. In practice, it is installed in the diskless machine's ROM and run after RARP or BOOTP type protocols which determine the equipment's IP address.

The TFTP client sends a request to a TFTP server at well-known port 69 on the server. The client's source port is allocated by the system. The request defines the transfer characteristics. It initializes a TFTP application connection which entails associating a free port number chosen by the server (port number dynamically allocated by the system on the sendto) with the client's port number (source port number in the request).

When the connection has been correctly set up, transfer is executed in "send and wait" mode. The sender sends the file in fixed size blocks (512 octets) and waits for an acknowledgement before sending the next block. Blocks are numbered. A block of less than 512 octets indicates the end of file. Timers are started by sender and receiver. This means that the loss of a data block or acknowledgement does not stop the transfer. The last data block must be acknowledged. The receiver then assumes that the transfer has terminated successfully. An impossible request or error during transfer causes transmission of an error packet which terminates the process and ends the transfer.
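The five packet types and the send-and-wait block rule described above, as an added worked example. This is my own code, not the course's or any TFTP implementation: it encodes and decodes RRQ/WRQ, DATA, ACK and ERROR packets, splits a file into numbered 512-octet blocks (including the case the text implies but does not spell out: a file whose size is a multiple of 512 must end with an empty block, since only a short block signals end of file), and simulates a transfer over an in-memory channel that loses the first copy of chosen blocks, so the retransmission path is exercised. Opcodes and the block size are those of RFC 1350; file content and names are constructed.

```python
# Added example (not from the Alcatel course): TFTP packet encoding/decoding
# and the 512-octet send-and-wait rule. Opcodes and layouts follow RFC 1350;
# file names and content are constructed.
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5      # the five packet types
BLOCK_SIZE = 512


def encode_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """RRQ/WRQ: opcode, filename, NUL, mode ('netascii' or 'octet'), NUL."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("not a request opcode")
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"


def encode_data(block_no: int, chunk: bytes) -> bytes:
    return struct.pack("!HH", DATA, block_no) + chunk


def encode_ack(block_no: int) -> bytes:
    return struct.pack("!HH", ACK, block_no)


def encode_error(code: int, message: str) -> bytes:
    return struct.pack("!HH", ERROR, code) + message.encode() + b"\0"


def decode(packet: bytes) -> dict:
    (op,) = struct.unpack("!H", packet[:2])
    if op in (RRQ, WRQ):
        parts = packet[2:].split(b"\0")
        if len(parts) < 3:                          # both NUL terminators required
            raise ValueError("malformed request")
        return {"op": op, "filename": parts[0].decode(), "mode": parts[1].decode().lower()}
    if op == DATA:
        (block,) = struct.unpack("!H", packet[2:4])
        payload = packet[4:]
        return {"op": DATA, "block": block, "data": payload, "last": len(payload) < BLOCK_SIZE}
    if op == ACK:
        return {"op": ACK, "block": struct.unpack("!H", packet[2:4])[0]}
    if op == ERROR:
        (code,) = struct.unpack("!H", packet[2:4])
        return {"op": ERROR, "code": code, "message": packet[4:].split(b"\0")[0].decode()}
    raise ValueError("unknown opcode %d" % op)


def split_blocks(content: bytes) -> list:
    """(block number, chunk) pairs. A file whose size is a multiple of 512
    (or an empty file) gets a final empty block, because only a block shorter
    than 512 octets tells the receiver the file has ended."""
    blocks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    if not blocks or len(blocks[-1]) == BLOCK_SIZE:
        blocks.append(b"")
    return [(n & 0xFFFF, chunk) for n, chunk in enumerate(blocks, start=1)]


def transfer(content: bytes, lost_first_time=frozenset()) -> tuple:
    """Send-and-wait over an in-memory channel that drops the first copy of
    the listed block numbers; returns (received content, retransmissions)."""
    received, retransmissions = bytearray(), 0
    for block_no, chunk in split_blocks(content):
        first_attempt = True
        while True:
            if first_attempt and block_no in lost_first_time:
                first_attempt = False               # sender's timer expires...
                retransmissions += 1                # ...and the block is resent
                continue
            data = decode(encode_data(block_no, chunk))
            received += data["data"]
            ack = decode(encode_ack(block_no))      # receiver acknowledges this block
            if ack["block"] == block_no:
                break
    return bytes(received), retransmissions
```

Because the protocol carries no identity at all, the only controls available are outside it: which hosts may reach UDP port 69 and which directory the server is allowed to serve.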

NFS

Network File System - RFC 1094 (specified by SUN Microsystems)
- NFS is used for file sharing in a heterogeneous environment
- NFS protocol is based on RPCs (Remote Procedure Call)
- NFS is hardware and system-independent. It is based on a presentation layer: XDR (eXternal Data Representation)

Protocol stack (figure):
  NFS
  XDR
  RPC
  UDP
  IP
The Network File System allows each user to access files which can be physically located on other machines, without explicit copy transfer. NFS was designed to be independent of the operating system. In particular, files can be shared by UNIX machines and also by UNIX and PC machines in DOS or OS/2, etc. The NFS service therefore provides access to remote file systems. A machine is an NFS server if it allows other machines access to all or part of its local file system. An NFS server is said to "export" or "share" its files, which means that it allows clients to access exported files. An NFS server receives a number of requests and returns a result in a response. A machine is an NFS client if it accesses files exported by an NFS server. An NFS client is said to "import" files. Importing allows a client machine to access remote files using read/write operations resulting in RPC request transmission (Remote Procedure Call). NFS uses RPCs and XDR (eXternal Data Representation). It is usually implemented using UDP transport.

REMOTE PROCEDURE CALL

RPC protocol allows a program running on machine A to call a routine on machine B and remotely execute some of its operations.

Figure: the CLIENT (service user) sends a Request to the SERVER (service provider) and receives a Response; a Port Mapper on the server side locates the port of the requested program (steps 1 to 4 in the figure).
Remote procedure call (SUN) is used by a process to call a procedure (function) to be executed on another machine. RPCs provide: a mechanism for addressing the remote procedure, a mechanism for encoding parameters, a call mechanism (transmission of an RPC request), execution of the remote procedure.

The RPC service model is a client-server model in which the distributed application is divided into two parts:
- a client part: this part of the application requests a service not provided locally. It calls the service procedure.
- a server part: this part of the application is asked to provide a service. It is called remotely.

For the user, an RPC service is a set of procedures. These procedures are combined on a program and version basis. A port number is associated with a program number. An RPC request is therefore sent to the program using the port number. The request contains the program number, version, and number of the procedure to be executed in the program, among other things. To make a remote procedure call, a client must locate the program called using the port number. To do this, it can call a special service in the machine supporting the server: port mapper.
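The call addressing described above (program number, version, procedure number, and the port mapper that maps a program to a port), as an added worked example. This is my own code, not the course's or any RPC library: it builds and parses the header of an ONC RPC call message with XDR encoding (each field a 32-bit big-endian word) following the layout of RFC 1057 as I know it (xid, message type CALL, RPC version 2, program, version, procedure, credentials, verifier, then the procedure's arguments), and answers a port mapper GETPORT request (port mapper program 100000, version 2, procedure 3) from an in-memory table. The registration of NFS (program 100003, port 2049) is a constructed table entry using NFS's well-known numbers; the xids are constructed.

```python
# Added example (not from the Alcatel course): ONC RPC call header (XDR,
# RFC 1057 layout) and an in-memory port mapper answering GETPORT. The
# registered table entries and xids are constructed.
import struct

CALL, RPC_VERSION, AUTH_NULL = 0, 2, 0
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3   # port mapper program / GETPORT
NFS_PROG = 100003                                        # NFS program number (RFC 1094)
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def xdr_uint(*values) -> bytes:
    """XDR unsigned ints: 4-octet big-endian words."""
    return struct.pack("!%dI" % len(values), *values)


def rpc_call(xid: int, prog: int, vers: int, proc: int, args: bytes = b"") -> bytes:
    """Call message: header words, AUTH_NULL credentials and verifier, then args."""
    header = xdr_uint(xid, CALL, RPC_VERSION, prog, vers, proc,
                      AUTH_NULL, 0,          # credentials: flavor, body length
                      AUTH_NULL, 0)          # verifier: flavor, body length
    return header + args


def parse_call(msg: bytes) -> dict:
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack("!6I", msg[:24])
    if mtype != CALL or rpcvers != RPC_VERSION:
        raise ValueError("not an RPC version 2 call")
    off, auth = 24, []
    for _ in range(2):                       # credentials then verifier
        flavor, length = struct.unpack("!2I", msg[off:off + 8])
        off += 8
        auth.append((flavor, msg[off:off + length]))
        off += (length + 3) & ~3             # opaque bodies are padded to 4 octets
    return {"xid": xid, "prog": prog, "vers": vers, "proc": proc,
            "cred": auth[0], "verf": auth[1], "args": msg[off:]}


def getport_request(xid: int, prog: int, vers: int, proto: int) -> bytes:
    """Ask the port mapper which port (prog, vers, proto) is registered on."""
    return rpc_call(xid, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT,
                    xdr_uint(prog, vers, proto, 0))


class PortMapper:
    def __init__(self):
        self.table = {}                      # (prog, vers, proto) -> port

    def register(self, prog: int, vers: int, proto: int, port: int) -> None:
        self.table[(prog, vers, proto)] = port

    def getport(self, prog: int, vers: int, proto: int) -> int:
        return self.table.get((prog, vers, proto), 0)   # 0 = not registered

    def handle(self, msg: bytes) -> int:
        """Serve a GETPORT call message; returns the port number to reply with."""
        call = parse_call(msg)
        if call["prog"] != PMAP_PROG or call["vers"] != PMAP_VERS:
            raise ValueError("program %d version %d not served here" % (call["prog"], call["vers"]))
        if call["proc"] != PMAPPROC_GETPORT:
            raise ValueError("procedure %d not implemented" % call["proc"])
        prog, vers, proto, _port = struct.unpack("!4I", call["args"][:16])
        return self.getport(prog, vers, proto)
```

The AUTH_NULL credentials show why the text's later chapters matter: the RPC header itself carries no caller identity unless an authentication flavor is used, so access control for exported file systems has to come from elsewhere.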

X-WINDOW CLIENT-SERVER ARCHITECTURE

Figure: X-Window Clients <-- X11 protocol --> X-Window server
X_WINDOW or X is a multi-window graphical interface. It is very widely used in the TCP/IP and UNIX world and has been adopted by all workstation manufacturers and by X/OPEN in the portability guide (XPG4). X_WINDOW provides a basic service and is generally used on a supplementary layer offering high level services for graphic interface management. The two most widely used high level graphic interfaces are Motif (supplied by OSF) and OPEN LOOK (supplied by Sun Microsystems). Nowadays, X-WINDOW is used, via the X.11 protocol, to run local or remote applications with local graphic display. A single process (SERVER) controls all the input-output (physical level). It is responsible for creating and manipulating screen windows, displaying text or graphics and managing input (keyboard and mouse). The implementation of an X server is closely linked to the hardware. It is run locally on a workstation, graphics terminal or in emulation mode on a Windows station, and interprets messages from client applications. Any application designed to use the facilities provided by an X server is considered a client. The client communicates with the server in asynchronous mode over the TCP/IP network.

Applications : The essential

True or False
1. Any IP host must know a DNS server to work correctly. False
2. A URL is a server address. False
3. A host being an FTP server, it can connect as a client to a WEB server. True
4. FTP is the only way to get back a file from a remote Internet site. False
5. TELNET is an application from the Internet world, but only used by UNIX systems. False
6. The following URL is valid : http://155.132.10.53:2080/coucou.html True
7. SMTP is a protocol using the connected mode. True
8. To send and receive e-mails, we must configure a POP server! False


Section 6 IP NETWORK INTERCONNECTIONS


GATEWAY

Definition
- The concept of gateway is used in the application layer. Eg. : SNA gateway on a Digital machine.
- By extension, this concept is applied to all layers and especially the lower layers.
- "Network" gateways are then seen as level N interconnection equipment.

Terminology
- Repeater : level 1 gateway
- Bridge : level 2 gateway
- Router : level 3 gateway

Special cases
- IP gateway = IP router = level 3 gateway
- Switch = level 2 switch (Ethernet, ATM, etc) = level 2 gateway


Two networks are interconnected by intermediate equipment known by the generic term of "gateway". The OSI has formalized the concept of gateway. It is characterized using the criteria of action level and action mode. The action level is the level at which the gateway operates. It is in fact the highest OSI level concerned. Higher levels do not see the gateway.

The action mode is the way in which the gateway handles conversion. It can map PDUs with adaptations (headers, sizes, nature) where required, or map SDUs. In all cases, layers (1) to (N-1) on both sides do not see one another and can generally be different. Gateway names have been standardized: repeater : level 1 gateway; bridge : level 2 gateway (MAC); router : level 3 gateway.

In general, the term "gateway" is used where the above three terms (repeater, bridge, router) are not applicable. However, in TCP/IP terminology, a gateway is a router.


REPEATER

[Figure: 100BaseT example: two 100 m segments joined through a repeater by a 5 m link, 205 m end to end. The binary signal is present at all ports.]



Repeaters were initially used for extending the physical bearer by repeating the signal. A repeater is first and foremost a regenerator. Repeaters are widely used in Ethernet networks for integrating physical networks using different bearers such as 10 Base 5 coax, 10 Base 2 coax and 10 Base T twisted pairs. In this case, the repeater combines the AUI, BNC and RJ45 interface. The Hub is the basic element of a 10 or 100 Base T network and is in fact a multiport repeater.


BRIDGE

[Figure: CSMA/CD filtering bridge. Port 0 is attached to LAN 1 (stations @Mac A, @Mac B, ...), port 1 to LAN 2 (stations @Mac C, @Mac D, ...). The frame "Dest@ Mac B, Src@ Mac A" is filtered (it stays on LAN 1); the frame "Dest@ Mac C, Src@ Mac A" is bridged onto LAN 2.]

Interconnection is handled on layer 2. Bridges do not take account of layer 3 protocols carried in frames. They direct traffic by MAC addressing. They are totally transparent to layer 3 or higher protocols. There are two types of bridge:
- the transparent filtering bridge, used in Ethernet LANs. It uses the Spanning Tree algorithm for loop resolution.
- the "source routing" bridge, used in Token Ring LANs.

A transparent filtering bridge handles three functions:
- self-learning: a bridge locates stations dynamically using the "source MAC address" field. It determines the position of each station.
- filtering: when the bridge deduces that the sender and receiver of a frame are in the same segment (on the same side of the bridge) it does not send the frame to the other network (flow optimization).
- bridging: when the bridge receives a frame whose recipient is on the other network (or unknown), it regenerates the frame and sends it to the other network. An unknown recipient is a station which has not yet indicated its presence by sending a frame.

For Ethernet bridges, an option allows filtering for each type of protocol.
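The three functions above (self-learning, filtering, bridging) can be replayed on the figure's topology. The following simulation is an added example, not code from the course: the port numbers and MAC addresses are constructed, and the forwarding rule for an unknown or broadcast destination (send on every other port) is the standard transparent-bridge behaviour.

```python
"""Transparent (learning) bridge simulation.

Added example, not part of the course text. Ports and MAC addresses are
constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Frame:
    src: str   # source MAC address
    dst: str   # destination MAC address


BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Bridge:
    """Transparent filtering bridge: learns, filters, bridges (floods when unsure)."""
    ports: list                                   # port identifiers, e.g. [0, 1]
    table: dict = field(default_factory=dict)     # MAC address -> port it was learnt on

    def receive(self, in_port: int, frame: Frame) -> list:
        """Process one frame arriving on in_port; return the list of output ports."""
        # 1. self-learning: the source MAC address tells us which port the sender is on
        self.table[frame.src] = in_port
        others = [p for p in self.ports if p != in_port]
        if frame.dst == BROADCAST:
            return others                         # broadcast: every other segment
        out_port = self.table.get(frame.dst)
        if out_port is None:
            return others                         # unknown recipient: sent to all other segments
        if out_port == in_port:
            return []                             # 2. filtering: sender and recipient on the same segment
        return [out_port]                         # 3. bridging: regenerated on the recipient's segment


def replay_course_figure():
    """Stations A and B on port 0, C and D on port 1 (constructed MAC addresses)."""
    A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    C, D = "00:00:00:00:00:0c", "00:00:00:00:00:0d"
    br = Bridge(ports=[0, 1])
    decisions = [
        br.receive(0, Frame(A, C)),   # C not yet learnt: flooded to port 1
        br.receive(1, Frame(C, A)),   # A known on port 0: bridged to port 0
        br.receive(0, Frame(A, B)),   # B not yet learnt: flooded to port 1
        br.receive(0, Frame(B, A)),   # A and B both on port 0: filtered
        br.receive(1, Frame(D, B)),   # B now known on port 0: bridged
    ]
    return br.table, decisions
```

The learning table is filled purely from source addresses seen on the wire, which is why a bridge with three or more ports sends every frame for a not-yet-learnt station onto all other segments.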


BRIDGE : LIMITATIONS

[Figure: the same CSMA/CD filtering bridge with three ports: port 0 on LAN 1 (@Mac A, @Mac B, ...), port 1 on LAN 2 (@Mac C, @Mac D, ...), port 2 on LAN 3. The frame "Dest@ Mac B, Src@ Mac A" is filtered; the frame "Dest@ Mac C, Src@ Mac A" is bridged onto LAN 2 and LAN 3 alike.]

A bridge between two Ethernet segments is used primarily to create two separate collision domains. Otherwise, it is used to interconnect two remote physical networks. However, if there are more than two segments to interconnect, the bridge becomes a handicap since it will transmit on all segments if the source and destination do not belong to the same segment. In this case, a router is required.


ROUTER

[Figure: a router with three ports: port 0 on network 1 (station A), port 1 on network 2 (station C), port 2 on network 3 (station D). Routing table: network 1 connected to port 0, network 2 connected to port 1, network 3 connected to port 2. The packet "Dest@ IP C, Src@ IP A" is routed to port 1 (network 2) only; the packet "Dest@ IP B, Src@ IP A" is shown for comparison.]

Interconnection is handled on layer 3. A router is therefore associated with a network protocol (there are multi-protocol routers). Routers direct traffic by analyzing the layer 3 address. Routers are totally transparent to layer 4 and higher protocols. As its name suggests, a router routes an incoming packet to the correct output according to the destination address. A router only receives packets which it can switch, whereas a bridge receives all frames sent on the local network. Packets are either sent directly by the sending station, or sent by another router. The products below are available on the market:
- Single-protocol router: the router processes the packets of only one network protocol.
- Multi-protocol router: the router processes packets for more than one network protocol. Each network protocol is independent (separate routing tables, different routing protocols).
- Bridge router (B-Router): a bridge router acts as a bridge for some protocols and as a router for others: "If it cannot bridge a protocol, it routes it".


ROUTER

[Figure: network interconnection. Network 1 (150.10.0.0) with station A, network 2 (160.10.0.0) with station B and network 3 (170.10.0.0) are interconnected by routers R1 and R2 over WAN links (LL, ISDN, X.25, FR, ATM). A packet from A to B keeps "@IP B / DATA" unchanged end to end, while the frame around it is re-addressed at each hop: @MAC R1 on network 1, @MAC R2 between the routers, @MAC B on network 2.]

The IP router determines the route to be taken to reach the recipient IP machine. The accessibility of an IP machine is determined on the basis of the principle below: "an IP router is required between two IP machines with different network numbers [and subnetwork numbers, where applicable]." A TCP/IP network therefore consists of a set of logical subnetworks interconnected by routers. Note: A routing table does not contain all accessible networks with associated routers. In general, the last entry in the table is a default entry and contains a default router IP address for all packets which the router is unable to switch to an explicit route. In addition, a routing table contains information concerning the relative distance of each accessible network.


ROUTING

STATIC
- A route corresponds to a given address. Eg. : Network 150.10.0.0 accessible via R1 in one hop.

DYNAMIC
- Routers interchange routing information for choosing the best route based on different criteria.
- Questions: What information is interchanged? When is the information interchanged? What entity is information interchanged with?
- Choice criteria : metric. Simple : number of hops. Multiple : bit rate, load, reliability, etc.

Two types of routing: Static and dynamic

Static routing is the simplest. A line configured manually in the routing table indicates the interface to be used and, where applicable, the next router to be reached to send the packet to the destination network. Eg. : route add net 150.10.0.0 160.10.20.30 1. This route indicates that to reach network 150.10.0.0, the IP packet must be sent to router 160.10.20.30, reached in one hop. Dynamic routing has the advantage of automatic recognition and updating. Dynamic routing involves identifying what information is to be transmitted between routers, when, and where to. It also determines the criteria for choosing the best route. The choice is based on information called "metrics".

The minimum metric is the minimum number of hops, but there are other criteria such as bit rate, delay, load and even financial cost.
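The routing table described on the previous page (explicit entries, a default entry, a distance per entry) and the static route "route add net 150.10.0.0 160.10.20.30 1" above can be modelled together. The following is an added example, not code from the course: the course networks 150.10.0.0, 160.10.0.0 and 170.10.0.0 are written with an explicit /16 mask, the interface name "eth0", the default router 160.10.20.1 and the router 160.10.20.31 are constructed.

```python
"""Static IP routing table with longest-prefix lookup, metrics and a default route.

Added example, not part of the course. Networks 150.10.0.0, 160.10.0.0 and
170.10.0.0 and the router 160.10.20.30 come from the course; the /16 masks,
interface names and the other router addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]   # None = directly connected network
    metric: int                               # relative distance (hops)
    interface: str


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add(self, network: str, gateway: Optional[str], metric: int, interface: str):
        """Equivalent of 'route add net 150.10.0.0 160.10.20.30 1' (with an explicit mask)."""
        self.routes.append(Route(
            ipaddress.ip_network(network, strict=False),
            ipaddress.ip_address(gateway) if gateway else None,
            metric, interface))

    def lookup(self, destination: str) -> Optional[Route]:
        """Most specific matching entry wins; lowest metric breaks ties.
        0.0.0.0/0 matches everything and so only wins when nothing else does."""
        dst = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes if dst in r.network]
        if not candidates:
            return None                      # no explicit route and no default entry
        return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))

    def next_hop(self, destination: str) -> Optional[str]:
        """Where the packet is physically sent: the gateway, or the destination
        itself when its network is directly connected."""
        route = self.lookup(destination)
        if route is None:
            return None
        return str(route.gateway) if route.gateway else destination


def build_demo_table() -> RoutingTable:
    rt = RoutingTable()
    rt.add("160.10.0.0/16", None, 0, "eth0")             # directly connected: network 2
    rt.add("150.10.0.0/16", "160.10.20.30", 1, "eth0")   # the course's static route, one hop
    rt.add("170.10.0.0/16", "160.10.20.31", 2, "eth0")   # network 3, two hops away (constructed)
    rt.add("0.0.0.0/0", "160.10.20.1", 1, "eth0")        # default entry (constructed router)
    return rt
```

A destination that matches no explicit entry is handed to the default router; a destination on a directly connected network is delivered without any router.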


ROUTING

- Convergence time : length of the routing update delay.
- Volume of information to be interchanged : low to very high.
- Routing table size : impossible to control without an address hierarchy; impossible to control without a network hierarchy.
- CIDR : Classless Inter Domain Routing. Associates the concept of geographic prefix with class C IP addresses. Eg. : 194.150.160.170 -- > 194 represents France.
- Autonomous System : combines a significant number of networks in a single entity.

Convergence time depends on the type of update (cyclic or event-driven). It can vary from a few hundred milliseconds to a few minutes. One consequence of this is that a route seen as available can in fact be blocked, and vice versa. The frequency and extent of updates (entire table or modified lines only) affect the volume interchanged, which ultimately must not exceed user traffic. For large networks, it is important to limit the size of routing tables (listing all possible connections is not viable). There are two solutions to this problem, CIDR (Classless Inter Domain Routing) and autonomous systems, both of which introduce a hierarchy that native IP addressing does not have (it is based only on the concept of the net to be reached).
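What CIDR buys in routing table size can be shown directly: contiguous class C networks that all lie behind the same next hop collapse into a single prefix. This is an added example, not from the course; the class C networks under 194.150 and the two next-hop addresses are constructed, and it relies on the standard library's `ipaddress.collapse_addresses`.

```python
"""Route aggregation with CIDR: contiguous prefixes that share a next hop are
collapsed into one supernet entry; prefixes towards different next hops are
never merged, because one entry can only name one next hop.

Added example, not part of the course. Prefixes and next hops are constructed.
"""
import ipaddress
from itertools import groupby


def aggregate_routes(routes):
    """routes: iterable of (prefix_str, next_hop_str).
    Returns a sorted list of (prefix, next_hop) after aggregation."""
    by_hop = sorted(routes, key=lambda r: r[1])
    result = []
    for hop, group in groupby(by_hop, key=lambda r: r[1]):
        nets = [ipaddress.ip_network(prefix) for prefix, _ in group]
        for net in ipaddress.collapse_addresses(nets):   # merges aligned, adjacent prefixes
            result.append((str(net), hop))
    result.sort(key=lambda r: ipaddress.ip_network(r[0]))
    return result


def demo():
    # Sixteen class C networks 194.150.160.0 .. 194.150.175.0 all reachable via
    # router 10.0.0.1, and one more (194.150.176.0) reachable via 10.0.0.2.
    routes = [(f"194.150.{third}.0/24", "10.0.0.1") for third in range(160, 176)]
    routes.append(("194.150.176.0/24", "10.0.0.2"))
    return aggregate_routes(routes)   # 17 entries become 2
```

Aggregation is only correct when the whole supernet really lies behind the same router; the grouping by next hop in `aggregate_routes` is what prevents a wrong merge.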


ROUTING ON THE INTERNET

Routing architecture
- Division of the Internet into Autonomous Systems.
- Protocol types: "Internal" (IGP) : RIP, OSPF, IS-IS, EIGRP. "External" (EGP) : BGP-4.

[Figure: three autonomous systems (AS 1, AS 2, AS 3), each running its own I.G.P. over its networks (OSPF in one, EIGRP in another, RIP in the third), interconnected by the E.G.P. BGP4.]

An autonomous system is a way of assigning the same reference to a set of networks. The AS number (ASN) is an official number assigned by the NIC (Network Information Centre). It is a 16-bit number which is inserted before the IP header. It is managed (added or deleted) only by boundary routers operating an EGP. To date, approximately 2500 autonomous systems exist, "masking" hundreds of thousands of networks. France Télécom is an AS.


ROUTING : CATEGORIES

DISTANCE VECTOR
- Routers interchange routing tables cyclically.
- The best route has the least routers to be crossed.
- Convergence time is lengthy.
- Volume is significant.
- There is a risk of looping.
- Few processor resources are required.
- RIP, Routing Information Protocol (IETF); IGRP, Inter Gateway Routing Protocol (Cisco); EIGRP, Enhanced Inter Gateway Routing Protocol (Cisco).

There are two main routing categories: Distance vector routing and link state routing. A third category, path vector routing, is specific to BGP4 protocol. Distance vector routing is the earliest category. Routers perform only one task: interchanging routing tables. This has the advantage of simplicity. With the exception of EIGRP, the main disadvantages include high volume, slow convergence and risk of looping.


ROUTING : CATEGORIES

LINK STATE
- Each router builds a network map.
- Routers interchange link states on an event basis.
- The best route incurs the lowest cost.
- Convergence time is low.
- Volume is low.
- No risk of looping.
- The process is bulky.
- OSPF, Open Shortest Path First (IETF); IS-IS, Intermediate System to Intermediate System (ISO).

Link state protocols are reputed to offer higher performance but also use up more processing resources. Each router builds a network map from its own viewpoint, based on link information received. This principle eliminates the risk of looping. Routers transmit only those link states which have changed, and when the change occurs, convergence is very fast. Updating is said to be by "flooding" and as fast as packet transmission speed. The volume of data interchanged is very low. The main disadvantage is that the router recomputes its routes each time the state of a link changes.
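The "network map" each router builds and the recomputation that follows a link change can be shown with the shortest-path-first algorithm that OSPF and IS-IS run on their link-state database (Dijkstra). This is an added example, not from the course: the five-router topology and its link costs are constructed.

```python
"""Link-state routing: every router holds the same link-state database and runs
Dijkstra's shortest-path-first algorithm on it from its own viewpoint.

Added example, not part of the course. Topology and costs are constructed.
"""
import heapq

# Link-state database: each link advertised once with its cost (bidirectional).
LSDB = [
    ("R1", "R2", 10),
    ("R1", "R3", 5),
    ("R2", "R3", 3),
    ("R2", "R4", 1),
    ("R3", "R4", 9),
    ("R4", "R5", 2),
]


def build_map(lsdb):
    """The network map every router derives from the (identical) database."""
    graph = {}
    for a, b, cost in lsdb:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def spf(graph, source):
    """Dijkstra from `source`. Returns {router: (total_cost, next_hop)}.

    Because all routers compute on the same map, their forwarding decisions
    are mutually consistent, which is why link-state routing does not loop.
    """
    dist = {source: 0}
    next_hop = {}
    heap = [(0, source, None)]      # (cost so far, router, first hop out of source)
    visited = set()
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in visited:
            continue                 # stale entry superseded by a cheaper path
        visited.add(node)
        next_hop[node] = first
        for neigh, link_cost in graph[node].items():
            new_cost = cost + link_cost
            if neigh not in dist or new_cost < dist[neigh]:
                dist[neigh] = new_cost
                # leaving the source, the neighbour itself becomes the first hop
                heapq.heappush(heap, (new_cost, neigh, neigh if node == source else first))
    return {r: (dist[r], next_hop[r]) for r in dist}


def routing_table(lsdb, router):
    """Destination -> (cost, next hop) for one router."""
    return spf(build_map(lsdb), router)


def link_failure(lsdb, a, b):
    """A link-state change: the failed link is withdrawn from every copy of the
    database (flooding) and each router recomputes its table."""
    return [link for link in lsdb if {link[0], link[1]} != {a, b}]
```

Note that the whole table is recomputed on every change; that recomputation is the processing cost the course calls "bulky", the price paid for fast, loop-free convergence.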


ROUTING : CATEGORIES

PATH VECTOR
- Changes in the link state: routes are described using the path taken.
- Each router builds a network map.
- Routers interchange path attributes on an event basis.
- The best path incurs the least cost (including financial).
- Convergence time is fast.
- Volume is low.
- No risk of looping.
- BGP4, Border Gateway Protocol (IETF).


BGP4 is the path vector protocol. In fact, it is a link state protocol which also supplies the route path in terms of a list of the autonomous systems crossed. BGP can be considered as an application based on TCP.


Interconnection : The essential

True or False
1. The Internet is made of many networks connected by routers. -- True
2. An IP network can contain several LANs. -- True
3. Intelligent bridges can analyse the IP header to route packets better. -- False
4. The Internet is divided into zones to decrease routing management traffic. -- True
5. Routing protocols were implemented from the beginning of the Internet, 30 years ago. -- True
6. Any IP host must know the IP address of a router to communicate with other hosts. -- False
7. Each time a packet enters a router, OSPF is used in order to find the right route to the destination. -- False


Section 7 NETWORK ADMINISTRATION


ADMINISTRATION

Objective : To Manage, Optimize, Configure, Secure, Observe, Correct -- INDEPENDENTLY OF PROPRIETARY TOOLS

Functions
- MANAGING CONFIGURATIONS : mechanisms to manage and set up resources.
- CARRYING OUT OBSERVATIONS : measurements, statistics, performance, load.
- MANAGING EVENTS : detection, location, restart on incident, alarms.
- MANAGING COSTS : allocating and distributing loads.

Norms / Standards
- CMIS / CMIP : Common Management Information Service / Protocol.
- CMOT : CMIS/CMIP Over TCP/IP.
- SNMP : Simple Network Management Protocol.


SNMP protocol (Simple Network Management Protocol) began as a standardized protocol for managing TCP/IP networks, but nowadays is applicable to both PABXs and Frame Relay equipment. Its main advantage lies in its very general nature and in the fact that it can be extended using private objects. SNMP can be used for the administration of TCP/IP machines as well as modems, bridges and dedicated routers. SNMP administration is not hampered by costly and mutually incompatible proprietary administration tools.


SIMPLE NETWORK MANAGEMENT PROTOCOL

MANAGER
- Graphics tool providing the man/machine interface.
- The Manager sends requests and receives responses to administration commands.
- HP Openview and SunNet Manager are SNMP Managers.

AGENT
- The agent is the Server for Client Manager requests.
- Manager and Agent dialogue via SNMP.
- An agent can extend SNMP requests in proprietary format (agent proxy).
- SNMP Agents manipulate objects.

MIB
- Management Information Base.
- MIB I and II describe more than 200 standardized objects.

SNMP is based on a few simple ideas:
- Network Agents, which are software administrative components resident in administerable network components (IP layers, TCP layer, router, monitoring equipment, etc).
- Network Management Stations, for processing administrative information from Network Agents and providing management services for operators. These are tools such as HP Openview and SunNet Manager.
- Each Network Agent maintains a management database (MIB: Management Information Base) consisting of a set of objects representing administerable elements in the network.
The types of objects stored in MIBs, object content, object identification techniques and the MIBs themselves are standardized by INTERNET RFCs.


SNMP ADMINISTRATION

[Figure: a Manager dialogues over snmp with Agents, each holding its MIB, on a server, routers, a hub and bridges. An Agent proxy holds a MIB on behalf of equipment such as a Pabx and talks to it with a proprietary protocol.]

SNMP is simply the protocol for dialogue between a Network Manager and a Network Agent. The protocol is designed to facilitate three actions:
- Network Manager interrogation of a Network Agent's MIB contents. Eg. : Number of packets sent per second.
- Modification by the Network Manager of Network Agent MIB contents. Eg. : Modifying the colour of a router icon for a threshold of 1000 packets per second.
- Unsolicited transmission of information messages by the Network Agent to the Network Manager. Eg. : alarm generation.

The protocol does not have any sophisticated commands, such as reboot. This is because any command must be equivalent to modifying an MIB parameter. The solution chosen is bound to be the most general solution.


SNMP PROTOCOL : 5 PDUs

[Figure: exchanges between the MANAGER and an AGENT holding the MIB]
- Simple MIB consultation : Get_request (object, object, ...) -> Get_response (value, value, ...).
- Multiple MIB consultation : Get_Next_request (object, object, ...) -> Get_response (value, value, ...).
- MIB modification : Set_request ((object, value), ...) -> Get_response (value, value, ...).
- Agent alert : Trap (infos), sent by the agent without any request.

SNMP defines a set of rules for the administration of a heterogeneous network. It is a protocol for information interchange between the administration station and entities managed on the network. SNMP architecture is based on the client/server model. The network administration station is an SNMP client. The entities managed on the network are SNMP servers. SNMP uses UDP transport (some manufacturers however implement it over TCP).


MANAGEMENT INFORMATION BASE

[Figure: OSI tree. Root with ISO, ITU and joint ISO-ITU branches; under ISO (1) : ORG (3) > DOD (6) > Internet (1), with the branches Directory (1), Mgmt (2), Experimental (3), Private (4).]

Internet Branches
- Directory ( 1.3.6.1.1 ) : OSI directory in TCP/IP.
- Mgmt ( 1.3.6.1.2 ) : Standard MIB (MIB I and II).
- Experimental ( 1.3.6.1.3 ) : IAB trials.
- Private ( 1.3.6.1.4 ) : Manufacturer private MIBs.

The MIB is the management information base. Management information and administration parameters are organized in a tree structure. The MIB provides an organized and general view of information managed on the network. Information in the MIB is located at a tree node and represented by a number. Rather than relating to the databases themselves, which depend primarily on the different implementations, TCP/IP architecture is primarily applicable to defining types of objects in MIBs and the way in which these object types are identified.

Object types : The structure of an object type defined by SMI (Structure of Management Information) is fully compliant with ASN.1 and mainly hierarchical. SMI is located at the point in the hierarchy administered by the IAB (Internet Authority Board). The root of the object type tree defined by ASN.1 has no name and has three branches:
- an ITU branch (number 0) introducing objects administered by the ITU (formerly CCITT).
- an ISO branch (number 1) introducing objects administered by the ISO.
- a JOINT-ISO-ITU branch (number 2).


MANAGEMENT INFORMATION BASE

[Figure: Internet tree - MIB-II. Internet (1) > Directory (1), Mgmt (2), Experimental (3), Private (4); under Mgmt : MIB-2 (1) with the groups System (1), Interface (2), At (3), IP (4), ICMP (5), TCP (6), UDP (7), EGP (8), CMOT (9), Trans. (10), SNMP (11).]

The ISO node comprises a number of branches, including:
- an ORG branch (number 3) for other national or international organizations. This branch itself has a number of branches, one of which is assigned to the NIST, which has handed administration over to the DOD.
- a DOD branch (number 6) managed by the DOD. The DOD itself has assigned branch number 1 to the IAB (Internet Authority Board).

Any point on the tree is therefore defined by a sequence of numbers for each of the nodes crossed to reach the object: the INTERNET node is referenced 1.3.6.1. Note the following:
iso       OBJECT IDENTIFIER ::= { 1 }
org       OBJECT IDENTIFIER ::= { iso 3 }
dod       OBJECT IDENTIFIER ::= { iso org 6 }
internet  OBJECT IDENTIFIER ::= { iso org dod 1 }

MIB : MIB I incorporates 114 objects in eight groups, and MIB II 170 objects in ten groups. However, it is possible to make some comments. The group structure on the first level is used to access the following information:
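The dotted sequence of node numbers is what an SNMP PDU actually carries, encoded with the ASN.1 Basic Encoding Rules (X.690): the first two arcs are packed into one sub-identifier as 40*X+Y, every sub-identifier is then written in base 128 with the high bit set on all but its last byte. The following encoder/decoder and name resolver is an added example, not code from the course; the node names follow the tree on the slides (sysUpTime is object 3 of the System group, enterprises is 1.3.6.1.4.1), and the enterprise number 311 in the test is simply a value large enough to need two bytes.

```python
"""Object identifiers in the SNMP MIB tree: symbolic naming and BER encoding.

Added example, not part of the course. NAMES follows the tree on the slides;
the encoding rules are those of X.690 for OBJECT IDENTIFIER.
"""

NAMES = {
    (1,): "iso",
    (1, 3): "org",
    (1, 3, 6): "dod",
    (1, 3, 6, 1): "internet",
    (1, 3, 6, 1, 1): "directory",
    (1, 3, 6, 1, 2): "mgmt",
    (1, 3, 6, 1, 2, 1): "mib-2",
    (1, 3, 6, 1, 2, 1, 1): "system",
    (1, 3, 6, 1, 2, 1, 1, 3): "sysUpTime",
    (1, 3, 6, 1, 2, 1, 2): "interfaces",
    (1, 3, 6, 1, 2, 1, 4): "ip",
    (1, 3, 6, 1, 3): "experimental",
    (1, 3, 6, 1, 4): "private",
    (1, 3, 6, 1, 4, 1): "enterprises",
}


def parse_oid(dotted: str) -> tuple:
    """'1.3.6.1.2.1.1.3.0' -> (1, 3, 6, 1, 2, 1, 1, 3, 0), with the X.690 limits on the first two arcs."""
    arcs = tuple(int(a) for a in dotted.strip(".").split("."))
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    return arcs


def oid_name(dotted: str) -> str:
    """Symbolic path: known nodes get their name, unknown ones stay numeric."""
    arcs = parse_oid(dotted)
    return ".".join(NAMES.get(arcs[:i + 1], str(arcs[i])) for i in range(len(arcs)))


def encode_oid_content(dotted: str) -> bytes:
    """Content octets only (no tag, no length)."""
    arcs = parse_oid(dotted)
    subids = [40 * arcs[0] + arcs[1]] + list(arcs[2:])
    out = bytearray()
    for sub in subids:
        chunk = [sub & 0x7F]                 # last byte: continuation bit clear
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out.extend(reversed(chunk))          # most significant 7-bit group first
    return bytes(out)


def encode_oid(dotted: str) -> bytes:
    """Full TLV: tag 0x06, short-form length, content (long form not needed here)."""
    content = encode_oid_content(dotted)
    if len(content) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(content)]) + content


def decode_oid(tlv: bytes) -> str:
    """Inverse of encode_oid; rejects a wrong tag, wrong length or truncated sub-identifier."""
    if len(tlv) < 3 or tlv[0] != 0x06 or len(tlv) != 2 + tlv[1]:
        raise ValueError("not a well-formed OBJECT IDENTIFIER TLV")
    subids, value, pending = [], 0, False
    for byte in tlv[2:]:
        value = (value << 7) | (byte & 0x7F)
        pending = bool(byte & 0x80)
        if not pending:
            subids.append(value)
            value = 0
    if pending:
        raise ValueError("truncated sub-identifier")
    first = subids[0]
    arcs = ([first // 40, first % 40] if first < 80 else [2, first - 80]) + subids[1:]
    return ".".join(str(a) for a in arcs)
```

The length and continuation-bit checks in `decode_oid` are the point for anyone parsing SNMP from the network: an agent or manager that trusts the declared length, or accepts a dangling continuation bit, reads past the PDU it was given.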


STANDARD MIB I - II VARIABLES

Examples of variables
- SysUpTime : Time elapsed since last startup (System)
- IfNumber : Number of network interfaces (Interface)
- ATTable : MAC-IP address translation table (Addr. Trans.)
- IPdefaultTTL : Time to live value for IP packets (Interface)
- IPInReceives : Number of datagrams received (IP)
- IPForwDatagrams : Number of datagrams forwarded (IP)
- IPOutNoRoutes : Number of packets routed in error (IP)
- IPReasmOKs : Number of packets reassembled correctly (IP)
- IPFragOKs : Number of packets fragmented (IP)
- IPRoutingTable : Routing table (IP)
- ICMPInEchos : Number of "Echo Request" PDUs received (IP)
- TCPMaxConn : Maximum number of TCP connections allowed (TCP)
- TCPInSegs : Number of TCP segments received (TCP)
- UDPInDatagrams : Number of UDP datagrams received (UDP)

ANALYSIS OF IP NETWORKS

Solution 1: "conventional" analyzer
[Figure: local area networks 1, 2 and 3 interconnected by routers R1 and R2; one Analyzer is physically attached to each LAN.]

Solution 2: SNMP probe + MIB Rmon
[Figure: the same three LANs; one Probe on each LAN reports over SNMP to a single Administration station.]


Network management : The essential

True or False
1. The MIB content is sent from the manager to the agent using the SNMP protocol. -- False
2. Some objects are defined in MIB I and II for standard equipment, but each firm may create its own object hierarchy. -- True
3. SNMP is a pragmatic protocol like any other protocol from the IP world. -- True
4. SNMP is simple and not reliable (over UDP), so a few constructors use it. -- False
5. Other network management architectures exist : Q3 (with CMIP) and CORBA. -- True
6. Without network management, an equipment cannot be set up. -- False
7. Analysing the IP branch of the MIB II, all the characteristics of this protocol can be retrieved (like those described in this document about IP introduction). -- True


Section 8 SECURITY


SECURITY

- System security : Password verification. Minimum privileges assigned to server processes.
- Filtering on protocols : Filtering router. Firewall. Proxy Server.
- Information encryption : SSL. S/MIME.
- User authentication : Kerberos. SecurID. Radius.

Some TCP/IP protocols are flawed, as detailed below: ARP (no authentication from recipient), ICMP (destination unreachable, redirection messages), RIP (incorrect routing information), TELNET, FTP (password in plain text), TFTP (no password). Some known Internet attacks are listed below:

TCP Splicing
1) The pirate monitors the client-server connection.
2) The pirate saturates the client station.
3) The pirate replaces the client in dialogue with the server.

TCP Flooding
1) The pirate floods the server with connection requests containing an invalid source address.
2) The server responds (ACK, SYN) and reserves buffers. No response follows.
3) Actual clients risk service denial.

LAND Attack
TCP Flooding with source @IP and port N equal to destination @IP and port N.
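Both of the last two attacks leave a recognisable trace that a border router, firewall or monitoring probe can check for: a LAND packet has source and destination @IP and port identical, and TCP flooding shows up as a growing number of handshakes that never receive the client's final ACK. The following detection logic is an added example, not from the course; the packet records are constructed (in practice they would come from a sniffer, a firewall log or a router's connection table) and the addresses reuse the course's 150.10.0.0 and 192.170.145.0 ranges.

```python
"""Defensive detection of a LAND packet and of TCP (SYN) flooding.

Added example, not part of the course. Packet records are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t: float        # seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "S" = SYN, "SA" = SYN+ACK, "A" = ACK, "R" = RST


def is_land(p: Pkt) -> bool:
    """A SYN whose source and destination @IP and port are identical cannot be
    legitimate; a filtering router should drop it at the border."""
    return "S" in p.flags and p.src == p.dst and p.sport == p.dport


def half_open_per_server(packets, window: float = 3.0) -> dict:
    """Per (server, port): SYNs not followed by the client's ACK (or a RST)
    within `window` seconds of the newest packet seen. Those are the half-open
    connections for which the server is still holding buffers."""
    pending = {}   # (client, sport, server, dport) -> time of the SYN
    for p in sorted(packets, key=lambda x: x.t):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            pending[key] = p.t
        elif p.flags in ("A", "R") and key in pending:
            del pending[key]                       # handshake completed or aborted
    newest = max((p.t for p in packets), default=0.0)
    counts = defaultdict(int)
    for (_client, _sport, server, dport), t_syn in pending.items():
        if newest - t_syn >= window:               # old enough to count as stale
            counts[(server, dport)] += 1
    return dict(counts)


def syn_flood_suspects(packets, threshold: int = 50, window: float = 3.0) -> list:
    """(server, port) pairs holding more stale half-open connections than `threshold`."""
    return sorted(k for k, n in half_open_per_server(packets, window).items() if n > threshold)


def constructed_trace() -> list:
    """One normal handshake, one LAND packet, then 100 SYNs against port 80 from
    addresses that never answer (so no ACK ever arrives), then one fresh SYN."""
    trace = [
        Pkt(0.0, "150.10.1.5", 40000, "192.170.145.10", 80, "S"),
        Pkt(0.1, "192.170.145.10", 80, "150.10.1.5", 40000, "SA"),
        Pkt(0.2, "150.10.1.5", 40000, "192.170.145.10", 80, "A"),
        Pkt(0.3, "192.170.145.10", 80, "192.170.145.10", 80, "S"),     # LAND
    ]
    for i in range(100):
        trace.append(Pkt(1.0 + i * 0.01, f"10.0.{i}.7", 1024 + i, "192.170.145.10", 80, "S"))
    trace.append(Pkt(10.0, "150.10.1.6", 40001, "192.170.145.10", 80, "S"))  # recent, not stale yet
    return trace
```

The threshold and window are tuning parameters: a busy server legitimately carries some half-open connections, so the alert is on the count of stale ones, not on SYNs as such.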


THE FILTERING ROUTER SOLUTION

[Figure: INTRANET with private addresses 150.10.0.0 connected through a Filtering router (filtering of: address, appli, protocol; Network Address Translation) over ISDN, LL, X.25, FR, ATM to an ISP and the INTERNET; public addresses 192.170.145.0.]

Filtering is effective on:
- Authorized IP addresses.
- Authorized Client-Server combinations.
- Communication protocol fields (IP, ICMP, TCP, UDP).
- Authorized application port numbers.

These access-list functions are incorporated in most commercially available routers.
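An access list of this kind is an ordered set of rules on address, protocol and port, evaluated top to bottom with the first match deciding and an implicit deny at the end. The model below is an added example, not from the course and not the syntax of any particular router vendor; it reuses the course's private range 150.10.0.0 and public range 192.170.145.0, and the individual rules and server addresses are constructed.

```python
"""Filtering-router access list: address, protocol and port filtering,
first match wins, implicit deny.

Added example, not part of the course; the rules are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" (any protocol), "tcp", "udp", "icmp"
    src: str                     # network in prefix form
    dst: str
    dport: Optional[int] = None  # None = any port
    established: bool = False    # tcp only: match replies (ACK set), never a fresh SYN

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.established and not pkt.get("ack", False):
            return False
        return True


def evaluate(rules, pkt: dict) -> str:
    """First matching rule decides; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Inbound list (Internet -> intranet side) on the filtering router, constructed:
INBOUND = [
    # anti-spoofing: our private addresses can never legitimately arrive from outside
    Rule("deny", "ip", "150.10.0.0/16", "0.0.0.0/0"),
    # authorized client-server combinations: public WEB server and mail relay
    Rule("permit", "tcp", "0.0.0.0/0", "192.170.145.10/32", 80),
    Rule("permit", "tcp", "0.0.0.0/0", "192.170.145.11/32", 25),
    # replies to connections opened from inside (ACK set), to any public address
    Rule("permit", "tcp", "0.0.0.0/0", "192.170.145.0/24", established=True),
    Rule("permit", "icmp", "0.0.0.0/0", "192.170.145.0/24"),
]
```

The `established` rule is how a stateless access list approximates "authorized client-server combinations": outside hosts may answer connections the intranet opened, but cannot open new ones to arbitrary ports.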


THE INTERNET FIREWALL SOLUTION

Secured transparent access to Internet servers
[Figure: Intranet connected through a Firewall over ISDN, LL, X.25, FR, ATM to an ISP and the INTERNET.]

Firewalls provide the same facilities but are more extensive than restriction lists. The principle is similar:
- Filtering based on communication protocol.
- Filtering based on applications.
- Filtering based on users.
- Log files and usage statistics.
- Possible management of complex networks: VPN : Virtual Private Network. DMZ : Demilitarized Zone. NAT : Network Address Translation.


THE PROXY SERVER SOLUTION

Powerful, non-transparent access to Internet applications
[Figure: Intranet connected through a Proxy Server over ISDN, LL, X.25, FR, ATM to an ISP and the INTERNET.]

- Application filtering (HTTP, FTP, etc): a user connection is required for each type of service. Difficult if the application is not supported by the proxy.
- Optimizes the bandwidth towards the Internet by using a disk cache for information viewed on the Internet.
- Effective filtering of authorized/prohibited sites.
- Address masking: a unique address for the Internet.


INFORMATION SECURITY

OBJECTIVES
- Integrity : Data must not be altered.
- Authentication : The recipient must be sure of the sender's identity.
- Confidentiality : Data must not circulate unencrypted.
- Non-Repudiation : The recipient must hold a proof of sending.


Symmetric key encryption:
- DES (Data Encryption Standard): Created by IBM, 56-bit key. Rapid information encryption.
- Triple DES (up to 168 bits): Triple encryption with three different keys.
- RC2 and RC4: Created by RSA Data Security, variable length key. Faster than DES.
- IDEA (International Data Encryption Algorithm): Created in 1991, 128-bit key.

Asymmetric key encryption: RSA (Rivest Shamir Adleman).

The key length determines the encryption quality:
- 40 bits : weak key
- 56 bits : robust key
- 168 bits : inviolable


SYMMETRIC KEY ENCRYPTION

[Figure: Mr X turns "This is a private message" into "xxxxxxxx xxxxxxx xxxxxxx" with the shared key; the encrypted message crosses the network; Mrs Y turns it back into "This is a private message" with the same key.]

1. Mr X creates the message and encrypts it using the key known to himself and Mrs Y.
2. He sends the encrypted message over the network.
3. Mrs Y receives the encrypted message and decodes it using the key.


ASYMMETRIC KEY ENCRYPTION

[Figure: Mr X encrypts "This is a private message" into "xxxxxxxx xxxxxxx xxxxxxx" with Mrs Y's public key; the encrypted message crosses the network; Mrs Y decodes it with Mrs Y's private key.]

1. Mrs Y creates two keys, one private and known to no-one else, and one public which is circulated over the network.
2. Mr X creates the message and encrypts it using Mrs Y's public key.
3. He sends the encrypted message over the network.
4. Mrs Y receives the encrypted message and decodes it using her private key (only she can decode the message, guaranteeing that no-one other than Mr X and Mrs Y can read the message).
5. If Mrs Y wants to reply, she uses Mr X's public key.

COMBINED SYMMETRIC / ASYMMETRIC KEY

[Figure: Information confidentiality. Mr X encrypts "This is a private message" into "xxxxxxxxx xxxxxx xxxxxxx" with a Session key, and the Session key with Mrs Y's public key; Mrs Y recovers the Session key with Mrs Y's private key, then the message with the Session key.]

Mr X encrypts the message using a symmetric key created specifically for this purpose. Mr X then encrypts the session key using Mrs Y's public key and sends all this information to Mrs Y. Mrs Y decodes the session key using her private key, then decodes the message using the session key.
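The asymmetric exchange on the previous page and the combined scheme just described can be run end to end. The code below is an added example, not from the course, and to stay self-contained it stands in for the real algorithms: textbook RSA with two fixed, well-known primes (2^127-1 and 2^89-1) and no padding takes the place of a real RSA key pair, and a stream cipher built from HMAC-SHA256 in counter mode takes the place of DES, IDEA or RC4 for the session key. The sizes and the absence of padding make it a demonstration of the flow only. It needs Python 3.8 or later for `pow(e, -1, phi)`.

```python
"""Combined symmetric/asymmetric encryption (digital envelope).

Added example, not part of the course. Toy parameters: fixed Mersenne primes,
no RSA padding, HMAC-SHA256 counter-mode keystream as the symmetric cipher.
"""
import hashlib
import hmac
import os

P = (1 << 127) - 1          # Mersenne prime M127 (constructed choice)
Q = (1 << 89) - 1           # Mersenne prime M89
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Mrs Y's key pair: public = (n, e), private = (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # e and phi are coprime for these primes
    return (n, e), (n, d)


def rsa_encrypt_int(m: int, public) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message too large for this modulus")
    return pow(m, e, n)


def rsa_decrypt_int(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric cipher: keystream block i = HMAC-SHA256(key, nonce || i); XOR with data.
    The same call encrypts and decrypts."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(message: bytes, recipient_public) -> dict:
    """Mr X: fresh 128-bit session key, message encrypted with it,
    session key encrypted with Mrs Y's public key; all of it is sent."""
    session_key = os.urandom(16)
    nonce = os.urandom(16)
    wrapped = rsa_encrypt_int(int.from_bytes(session_key, "big"), recipient_public)
    return {"wrapped_key": wrapped, "nonce": nonce,
            "ciphertext": stream_xor(session_key, nonce, message)}


def open_envelope(envelope: dict, recipient_private) -> bytes:
    """Mrs Y: recover the session key with her private key, then the message."""
    key_int = rsa_decrypt_int(envelope["wrapped_key"], recipient_private)
    if key_int >= 1 << 128:
        raise ValueError("session key does not decrypt with this private key")
    session_key = key_int.to_bytes(16, "big")
    return stream_xor(session_key, envelope["nonce"], envelope["ciphertext"])


def demo(message: bytes = b"This is a private message") -> dict:
    public, private = make_keypair()
    env = seal(message, public)
    recovered = open_envelope(env, private)
    _, other_private = make_keypair(q=(1 << 61) - 1)   # someone else's key pair
    try:
        other_fails = open_envelope(env, other_private) != message
    except ValueError:
        other_fails = True
    return {"ok": recovered == message,
            "ciphertext_differs": env["ciphertext"] != message,
            "wrong_key_fails": other_fails}
```

The division of labour is the point of the slide: the slow asymmetric operation is applied only to the 16-byte session key, the fast symmetric one to the message, and only the holder of the private key can unwrap the session key.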

Section 9 IP VERSION 6


IP VERSION 6

- Addressing space running out : 128-bit addresses.
- Routing table size : 128-bit addresses organized hierarchically.
- Lack of security : Authentication mechanism.
- Incorporation of new services : Machine mobility. Simplicity of configuration. New applications (multimedia, VoD, remote control, ...).
- New version of IP protocol : extends the addressing and routing function; broadcasts superseded by anycasts; introduces quality of service information (real time applications, multipoint, security, etc).

IP V6 : HEADER

Fixed header, 40 octets, in 32-bit words:
| Vers (4 bits) | Pri. (4 bits) | Flow Label (24 bits) |
| Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits) |
| Source Address (128 bits) |
| Destination Address (128 bits) |

Header extension for options: IPv6 options are placed in separate headers, inserted between the IPv6 header and the transport layer header. Easy introduction of new data. Option field length no longer limited to 40 octets.

Autoconfiguration: "plug and play": Mobility management. Easy renumbering on change of service provider. Address server (DHCP : Dynamic Host Configuration Protocol).

Multipoint (Multicast) included in base: For routers and clients. scope = best routing for multicast packets. "Marking" of special flows (Flow Label): Real time applications, Quality of service. Priority of control traffic.

Security: Authentication and data integrity. Optional: confidentiality.

Source-based routing: Source Demand Routing Protocol.
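An added parser, not from the course, for the 40-octet fixed header drawn above and for the extension-header chain described under "Header extension for options". It splits the first word as the slide does (4-bit Version, 4-bit Priority, 24-bit Flow Label, the RFC 1883 layout that RFC 2460 later changed to an 8-bit Traffic Class and 20-bit Flow Label), checks the Payload Length against the bytes actually present, and follows Next Header through Hop-by-Hop (0), Routing (43), Fragment (44) and Destination Options (60) headers; the names Header, ParseHeader and UpperLayer are this example's own.

```go
package main
import (
	"encoding/binary"
	"fmt"
	"net"
)
// Header is the 40-octet fixed IPv6 header drawn on the slide (first word split as in RFC 1883).
type Header struct {
	Version, Priority, NextHeader, HopLimit uint8
	FlowLabel                               uint32
	PayloadLength                           uint16
	Src, Dst                                net.IP
}
// ParseHeader decodes the fixed header, rejecting a Payload Length larger than the bytes present.
func ParseHeader(pkt []byte) (h Header, err error) {
	if len(pkt) < 40 {
		return h, fmt.Errorf("only %d bytes, shorter than the 40-octet IPv6 header", len(pkt))
	}
	h.Version, h.Priority, h.FlowLabel = pkt[0]>>4, pkt[0]&0xf, binary.BigEndian.Uint32(pkt[0:4])&0xffffff
	if h.Version != 6 {
		return h, fmt.Errorf("version %d is not IPv6", h.Version)
	}
	h.PayloadLength, h.NextHeader, h.HopLimit = binary.BigEndian.Uint16(pkt[4:6]), pkt[6], pkt[7]
	h.Src, h.Dst = net.IP(pkt[8:24:24]), net.IP(pkt[24:40:40])
	if int(h.PayloadLength) > len(pkt)-40 { // the classic over-read bug in packet parsers
		return h, fmt.Errorf("payload length %d exceeds the %d bytes present", h.PayloadLength, len(pkt)-40)
	}
	return h, nil
}
// UpperLayer follows Next Header through any extension headers (0, 43, 44, 60) to the transport header.
func UpperLayer(pkt []byte) (proto uint8, offset int, err error) {
	h, err := ParseHeader(pkt)
	if err != nil {
		return 0, 0, err
	}
	pkt, proto, offset = pkt[:40+int(h.PayloadLength)], h.NextHeader, 40
	for offset <= len(pkt) {
		switch {
		case proto != 0 && proto != 43 && proto != 44 && proto != 60:
			return proto, offset, nil // transport protocol, e.g. TCP (6) or UDP (17), and where it starts
		case offset+8 > len(pkt):
			return 0, 0, fmt.Errorf("truncated extension header %d at offset %d", proto, offset)
		case proto == 44: // Fragment header is a fixed 8 octets (its byte 1 is reserved, not a length)
			proto, offset = pkt[offset], offset+8
		default: // Hdr Ext Len counts 8-octet units beyond the first 8 octets
			proto, offset = pkt[offset], offset+8+8*int(pkt[offset+1])
		}
	}
	return 0, 0, fmt.Errorf("extension header chain runs past the end of the packet")
}
```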


IP V6 ADDRESSING
Unicast address general format (figure): Format Prefix (3 bits), Registry identifier (5 bits), Provider identifier (16 bits), Subscriber type / Subscriber identifier (16 bits), Subnetwork identifier (32 bits), Interface identifier.

Example: Site local addresses (Intranet with router, isolated Intranet): prefix 1111 1110 11, not used, Subnetwork, Interface.

Examples: Link local addresses (network with no router): prefix 1111 1110 10, not used, Interface (@ MAC of the interface).

Addresses are 16 octets (instead of 4 in the current version).
Notation: ABCD:A987:8765:6543:FEDC:BA98:7654:3210
AB98:0:0:0:7:467:AEDC:500, which may be abbreviated to AB98::7:467:AEDC:500
3 broad categories of address:
  Multicast : 1 packet to N machines.
  Anycast : 1 packet to at least one machine.
  Unicast : 1 packet to one machine.
5 address classes: 1 Multicast, 1 Anycast, 3 Unicast, differentiated in the initial address bits.


The essential of the essential

True or False
1. To entirely secure a private network, we just have to install a firewall in order to connect to the Internet. False
2. A proxy server is a particular kind of router, so it is also an IP host. True
3. IP v6 evolution is necessary because of a shortage of addresses. True

Exercise
From home, you want to connect to a commercial Internet site in order to buy a CD on-line. Complete the schema on the following page by drawing and naming the networks transited to reach the Internet site, as well as their equipment. Show and name the protocols used to make this connection work.


The essential of the essential

Answer schema (figure): Your PC, Modem, PSTN, ISP (AS), Internet (AS), LAN with Server Y, Server POP3, Proxy and SNMP Manager. Protocols shown on the figure: IP/PPP, OSPF or RIP or ..., SHTTP/SSL/TCP/IP/...


Glossary : A - I

ARP : Address Resolution Protocol
BOOTP : Boot Protocol
DHCP : Dynamic Host Configuration Protocol
DNS : Domain Name Service
FTP : File Transfer Protocol
HTML : Hyper Text Markup Language
HTTP : Hyper Text Transfer Protocol
IAB : Internet Activities Board
IETF : Internet Engineering Task Force
IP : Internet Protocol
IRTF : Internet Research Task Force
ITU-T : International Telecommunications Union - Telecom

Glossary : L - R

LAN : Local Area Network
MAN : Metropolitan Area Network
MIB : Model Information Base
NIC : Network Information Center
OSI : Open System Interconnection
OSPF : Open Shortest Path First
PDU : Packet Data Unit
POP : Post Office Protocol
PPP : Point to Point Protocol
RFC : Request For Comment
RPC : Remote Procedure Call


Glossary : S - Z

SDU : Service Data Unit
SHTTP : Secured HTTP
SLIP : Serial Link Internet Protocol
SMTP : Simple Mail Transfer Protocol
SNMP : Simple Network Management Protocol
SSL : Secured Socket Layer
TCP : Transmission Control Protocol
UDP : User Datagram Protocol
WWW : World Wide Web
